Cathexis Technologies values data protection. It is also committed to helping its clients comply with data protection laws. Cathexis has therefore produced a PoPIA Privacy Guide that provides guidelines for understanding and applying personal data protection when using CathexisVision video surveillance management software.
The Protection of Personal Information Act (PoPIA) was signed into law in South Africa in 2013, with various sections coming into effect in the years that followed. It is a comprehensive law which aims to protect individuals’ personal data, by holding organisations accountable for capturing, processing and storing personal information responsibly. What is personal information? Under PoPIA, it is data that identifies, relates to, describes, or could reasonably be linked with a particular consumer.
While the deadline for companies to register a data protection officer has already passed (31 March 2021), the deadline for enforcement of PoPIA by the Information Regulator is 1 July 2021. PoPIA applies to any organisation operating in South Africa, or organisations operating outside South Africa which offer products and services to customers or businesses within South Africa. Compliance depends on the combination of an organisation’s access to and use of personal data.
Eight conditions form the foundation of compliance and determine how personal information may be legally gathered, processed and held under the Act: accountability, processing limitations, purpose specification, further processing limitation, information quality, openness, security safeguards and data subject participation. PoPIA also outlines rights which authorise people to know the operator’s purpose in using their personal data and allows them to check that it is being carried out lawfully.
Privacy is necessarily about security: for information to remain private, it must also be held securely. By strengthening your organisation’s cybersecurity measures, you can strengthen its likelihood of compliance with the PoPI Act. Why is compliance important? There are risks to non-compliance: damage to the company’s reputation and enforcement action by the Information Regulator.
As the limits of PoPIA have not yet been tested by the courts and Information Regulator, the best business plan is to act to mitigate risks and prioritise personal data protection. Yet compliance is not simply about avoiding penalties. By developing an organisational culture underpinned by cybersecurity and respect for your customers’ privacy rights, your company can protect its brand, gain a competitive advantage and build trust with consumers.
Privacy by design is a core principle of the Protection of Personal Information Act. Privacy and security need to be embedded within all of your organisation’s practices, systems and technology, demonstrating a culture of data protection. In short, your company needs to know and document what data it holds, its source, who it is shared with and how it is used.
The features in CathexisVision software that support PoPIA compliance measures include optional database shredding, data encryption, video signing, archive security, password control and watermark overlays on video footage. For more information, you can consult the official PoPIA website and the PoPIA Privacy Guide developed by Cathexis Technologies, which has been tailored to address compliance in the security sector and the use of video surveillance software.