How ready are our nation’s municipalities?
The biggest information technology compliance deadline of our young Century is looming: 1 July 2021 is the date on which the Protection of Personal Information Act 4 of 2013 (POPIA) comes into law for all entities.
POPIA has far reaching implications for municipalities which hold vast amounts of sensitive personal data. In terms of POPIA, they will be required to process their data lawfully and comply with data storage and security standards as set out by the Act.
Consent and privacy policies must be in place, and data systems must be structured to capture, store and disseminate relevant information, with high security measures required to retain data privacy and protect it from unlawful use.
Are South Africa’s municipalities ready for POPIA?
We asked Gerrit Deyzel, head of ICT at Inzalo EMS.
Deyzel says many local authorities are still lagging behind on ICT infrastructure, particularly in smaller municipalities which remain heavily reliant on paper-based processes.
“Those municipalities without adequate IT infrastructure in place, face an impossible challenge,” he says. “They have masses of private data in their possession and have to get consent for using this data. For instance, think of the logistics around getting permission to send the names and addresses of ratepayers to a 3rd party such as a meter reading company.”
POPIA requires particular conditions when processing sensitive personal data. This includes specific safeguards designed to defend that data from breaches and unauthorised user access.
With a view to the upcoming local government elections, Deyzel warns that Municipal Managers (heads of public bodies are the designated information officers) will need to demonstrate that their offices are fully meeting compliance requirements. “Those that aren’t ready will inevitably be targets for criticism from opposition parties and ratepayers. In addition, they will be risking substantial fines or even imprisonment,” he said.
“There are really no shortcuts,” says Deyzel. “Municipalities have to go through a multi-step process starting with finding out what information you have and how you process it.”
The essential steps for POPIA compliance require the following:
- Perform a personal information impact assessment – find out what information you have and how you process it.
- Develop a compliance framework – ensure adequate internal measures and systems for the lawful processing of personal information.
- Develop a POPIA Policy Manual – describe how you use, store, process and share personal information.
- Conduct internal awareness sessions – ensure that all staff are properly trained regarding the provisions of POPIA.
- Deploy effective security and access controls – including on all devices used onsite as well as offsite (such as work-from-home scenarios).
- Install data encryption, authentication measures and effective anti-virus and anti-malware software.
- Back up all data in offsite locations.
- Implement internal auditing and reporting solutions.
POPIA compliance may present an onerous phase of implementation, but the benefits will be far reaching. It will increase good governance and leadership within a municipality, and it will improve areas like risk management, information security, records and information management.
For municipalities still wrestling with the challenge of preparing for POPIA, Inzalo EMS offers an IT infrastructure system that enables best practice in all aspects of municipal management. Endorsed by National Treasury, Inzalo’s electronic management system supports optimal compliance and data governance and allows for exceptionally efficient electronic document management.
The company’s electronic document management system was designed to align with the latest national archive requirements and be fully POPIA compliant. It comes with a system security to prevent catastrophic cyber-attacks and makes it easy to file, retrieve, share, and track documents.
Inzalo EMS will install a full solution and train municipal teams to use it. Contact us now if your municipality still needs help with preparing for POPIA.