CPUT has cultivated the ground in order to fully comply with the tough provisions of the new Protection of Personal Information (Popi) Act.
Promulgated in 2013, the act affects government departments, business companies as well as institutions of learning. It is expected to be enforced as soon as its rules and regulations are published.
Popi protects people’s personal information and requires an individual’s consent before their personal information is shared with a third party.
The act compels the university to take steps to safeguard people’s personal information from unlawful access and to appropriately dispose of data it no longer needs.
In this light the university is charged with the task of using people’s personal information properly and responsibly.
Nico Stofberg, a consultant hired to ensure that the university adequately complies with the act, says he has assessed the processes of managing the institution’s data.
“I have identified pockets of data from primary to secondary owners,” he says.
Primary owners are the departments or units which collect the data from a source for a specific purpose and then transfer it to another department, a secondary owner.
For example, the Admissions and Registration Centre collects particulars of prospective students which are contained in the application forms which it then sends to faculties for consideration.
Stofberg has already presented a draft report to the university’s Popi Task Team and will soon be submitting his final report with recommendations.
“It’s a simple act but complications can be severe,” he warns.
He adds that harsh penalties await those institutions which may contravene its regulations.
Image courtesy of sscreations at FreeDigitalPhotos.net
