Information Privacy and Governance :: Personal Information, Privacy Law

A number of high profile organisations have been subjected to great reputational damage resulting from a proliferation of personal information breaches (Protecting Personal Information, 2010). Organisations have made substantial use of their customer's personal information without doing much to protect the information. Organisation's collecting personal information have had little impetus to consider the best privacy protection solutions and people have not done anything drastic to initiate such action (Loss of privacy is price one pays to live in online world, 2011). It may take strong government regulation to propel organisations in this direction (Loss of privacy is price one pays to live in online world, 2011) leading to the pending implementation of the Protection of Personal Information Bill (POPI) (POPI: Threat or opportunity, 2010:22) in South Africa. The POPI Bill will address the right to privacy enforcing stringent measures on all public and private entities in South Africa to ensure that the personal information of individuals is protected. The Law Commission’s findings revealed that privacy laws are lacking in South Africa, despite the fact that the right to privacy is enshrined in the Constitution (Theophanides, 2010). POPI will pave the way for the constitutional right to privacy and will regulate the manner whereby personal information is processed providing individuals with the authority to protect their personal information (Theophanides, 2010). To prepare for POPI compliance, organisations will have to initiate an organisation-wide privacy protection programme. A very interesting market development has been the rise of a privacy GRC (Governance, Risk and Compliance) market niche (Kim, 2010). The three keywords, Governance, Risk and Compliance that emanate from this current context are commensurate with GRC, one of the latest acronyms to embrace the financial world (Conte, 2007:62). This acronym GRC has infiltrated the business community over the last years (Racz et al., 2010a:106) and is an executive-level concern of many enterprises today (Krey et al., 2011:350). GRC is an integrated approach overseeing people, processes and technology in order to deliver stakeholder value while managing risk and complying with regulations and laws (Anand, 2010:57). Many organizations get their first experience of a GRC program when they begin to implement a privacy program because privacy is an enterprise issue that spans legal, IT, compliance and business operations (Privacy and GRC: What the New Ponemon Study and the GAPP is Telling us, 2011). The POPI Bill is not exclusively an IT or legal or a process or security issue but a combination of all of these (POPI: Threat or opportunity, 2010:22). Information Privacy and Governance :: Personal Information, Privacy Law A number of high profile organisations have been subjected to great reputational damage resulting from a proliferation of personal information breaches (Protecting Personal Information, 2010). Organisations have made substantial use of their customer's personal information without doing much to protect the information. Organisation's collecting personal information have had little impetus to consider the best privacy protection solutions and people have not done anything drastic to initiate such action (Loss of privacy is price one pays to live in online world, 2011). It may take strong government regulation to propel organisations in this direction (Loss of privacy is price one pays to live in online world, 2011) leading to the pending implementation of the Protection of Personal Information Bill (POPI) (POPI: Threat or opportunity, 2010:22) in South Africa. The POPI Bill will address the right to privacy enforcing stringent measures on all public and private entities in South Africa to ensure that the personal information of individuals is protected. The Law Commission’s findings revealed that privacy laws are lacking in South Africa, despite the fact that the right to privacy is enshrined in the Constitution (Theophanides, 2010). POPI will pave the way for the constitutional right to privacy and will regulate the manner whereby personal information is processed providing individuals with the authority to protect their personal information (Theophanides, 2010). To prepare for POPI compliance, organisations will have to initiate an organisation-wide privacy protection programme. A very interesting market development has been the rise of a privacy GRC (Governance, Risk and Compliance) market niche (Kim, 2010). The three keywords, Governance, Risk and Compliance that emanate from this current context are commensurate with GRC, one of the latest acronyms to embrace the financial world (Conte, 2007:62). This acronym GRC has infiltrated the business community over the last years (Racz et al., 2010a:106) and is an executive-level concern of many enterprises today (Krey et al., 2011:350). GRC is an integrated approach overseeing people, processes and technology in order to deliver stakeholder value while managing risk and complying with regulations and laws (Anand, 2010:57). Many organizations get their first experience of a GRC program when they begin to implement a privacy program because privacy is an enterprise issue that spans legal, IT, compliance and business operations (Privacy and GRC: What the New Ponemon Study and the GAPP is Telling us, 2011). The POPI Bill is not exclusively an IT or legal or a process or security issue but a combination of all of these (POPI: Threat or opportunity, 2010:22).