Survey Results: Only 26% of South African Companies are Preparing For POPI Bill

Our recent survey of over 300 South African companies revealed that only 26% are actively looking for technologies and adjusting processes to ensure they comply with the Protection of Personal Information Bill, which is expected to be promulgated in 2013.

South African business data protection statistics and trends

Never lose an email with Cibecs backup software.

The survey was run by Cibecs business data protection and looked at current SA business data security trends and statistics. “Better control of our personal information in today’s highly connected society is a must, and the POPI Act puts South Africa right up there.” says Russel Stromin, chair of The Wireless Application Service Providers’ Association Code of Conduct working group.

However 38% of South African companies surveyed are still using outdated data security strategies where they expect users to follow a policy and backup their data to a central file server or external hard drive. Even more concerning is that 9% of businesses reported having no data protection in place at all. 

One of the core purposes of South Africa updating our Data Protection legislation is to align ourselves with the rest of the world, and to ensure that our laws around the protection of personal information – and data protection in general – are up to global standard.

The Bill sets out eight conditions that responsible parties will need to take into consideration for the processing of personal information to be lawful. POPI is going to come into effect in the following months and will require changes in all South African organizations IT departments. The Business Data Protection landscape has changed significantly over recent years. Advances in technology, multi-device proliferation, increased user mobility and shifts in user behaviour have resulted in increasingly complicated requirements around business data security.

With the growing importance of effective and reliable data protection, companies leaving their data security in the hands of users are at severe risk. The consequences will soon stretch further than the direct consequences of data loss (which include data corruption, access to confidential files, productivity loss and data replacement costs) and with new legislation these consequences will become significantly more severe.

Over 65% of those companies that expect users to manually follow a data protection policy stated that user’s not following policy is their biggest challenge, and the majority stated that they could not recover any and all business critical data in the event of data loss.

26% of South African companies surveyed reported having lost data this year, with an additional 11% losing business critical data in 2011. User laptop or desktop data loss can result in several business risks including access to confidential business files and the loss of legal, customer and financial information. The replacement or attempts at recreating this data also results in huge productivity loss and obvious costs to the company.

31% of the survey respondents reported that of the most prevalent consequences to data loss, their biggest concern is not being able to recover their lost files. We might see an interesting shift in South African user’s concerns regarding data loss in the next few years, as data breaches are an increasingly public concern and businesses are put under legal pressure to protect personal information.

Read the full SA State of Business Data Protection report