Saturday, 28 January 2012 marked international Data Privacy Day. The day highlights the impact technology is having on our privacy rights and underlines the importance of valuing and protecting personal information. While the day is recognised internationally by business professionals, corporate South Africa is grappling with our privacy legislation.
As South Africa's Protection of Personal Information (PPI) Bill looms over the county's corporate sector, many companies are racing against time to grasp the compliance demands of the legislation. Unfortunately, in their haste, many are underestimating the benefits that compliance could bring to their operations.
“The PPI Bill is a natural progression for South Africa. At its most basic, the legislation reinforces every South African's constitutional right to privacy. At the other end of the scale, it brings the country into line with most of its significant international trading partners, a factor that builds confidence when information is transmitted across borders,” says Deloitte Legal Director, Dean Chivers.
Looking beyond compliance, effort and cost, there is substantial value for those implementing PPI. The value of the corporate brand will increase, with customers and business partners having more trust in the organisations with which they do business. According to Chivers, this customer value can translate into financial benefits.
PPI's value for a brand is incalculable. The recent announcement that about R41 million had been stolen by hackers infiltrating the PostBank database illustrates perfectly the reputational and monetary loss involved when customer information is hacked.
The recent case where Zappos in the USA was hacked and had to notify in the region of 24 million customers of the breach and implement preventative measures further indicates some of the potential downside. Indeed, data events like hacking, data loss, unauthorised data use, insufficiently regulated outsourcing and cross-border data transfers all presented significant value risk.
Added to this, on 25 January 2012, the European Commission proposed increased penalties for data privacy breeches, which envisage penalties of up to 2% of a company's global annual turnover.
“While companies will need to reassess their data management process, analyse their security, amend processes and change their contracts, companies should not look at the PPI Bill as purely an inconvenience. Rather, by aligning the requirements of the Bill to existing projects and reporting structures, PPI can offer a sustainable and measurable return on investment,” concludes Chivers.
Should you wish to chat to Dean Chivers, please do not hesitate to contact me.