Assessment of a South Africa national consultative workshop on the Protection of Personal Information Act (POPIA)
| Date | 25 July 2019 |
| Published date | 25 July 2019 |
| Pages | 58-74 |
| DOI | https://doi.org/10.1108/GKMC-02-2019-0026 |
| Author | Nkholedzeni Sidney Netshakhuma |
| Subject Matter | Library & information science |
Assessment of a South Africa
national consultative workshop
on the Protection of Personal
Information Act (POPIA)
Nkholedzeni Sidney Netshakhuma
Department of Records and Archives, University of Mpumalanga,
Mbombela, South Africa
Abstract
Purpose –This paper aims to assessthe Protection of Personal Information Act (No. 4 of 2013) (POPIA)in
South African(SA) universities sector with the objectiveto formulate code of conduct to improve compliance.
Design/methodology/approach –The case study approachwas used in this study. Data were collected
using interviewswith the SA universities’representativesduring the POPIA consultative workshop.
Findings –The results showed that most of the participants were not aware of the POPIA, lack of
collaboration between thelegal practitioners, records managers and archivist. Internalcontrol systems with
Information CommunicationTechnology (ICT) need to be in in place to provide informationintegrity and the
value of internationalintegrity with regard to the internationalstudents and staff.
Research limitations/implications –This paper is based on the first phase of the nationalconsultative
workshopwith 25 SA public universities held between January and November 2018. Thefindings of the study
are transferableto other sectors like health and infrastructure.
Practical implications –The findings are expectedto be instrumental to the formulation of universities’
code of conduct in linewith POPIA.
Social implications –The POPIA, if not properly implemented, can contribute to the violation of
informationintegrity of the international students with regard to researchand cultural exchange programme.
Furthermore, it can affect SA trade relations with the European countries as it is a requirement for non-
Europeancountries to comply with the European UnionGeneral Data Protection Regulations (GDPR).
Originality/value –This study is useful to ensure consultation of the POPIA. Is also essential for the
POPIA to be alignedwith the international norms and standards suchas GDPR.
Keywords Universities, Code of conduct, Records management, Privacy, POPIA (Act 4 of 2013),
Promotion of access to information, Protection of personal information, Information integrity
Paper type Research paper
Introduction
This paper aims to assess the national consultative workshops organized by Universities
South Africa (USAF) in collaboration with the Department of Higher Education and Training
(DHET) to prepare for the implementation of POPIA. The POPIA aims to protect the privacy
rights determined by Section 14 of the Constitution of the Republic of South Africa, (Act,
No. 108 of 1996). The lack of significant time period for POPIA before the full compliance does
not translate that universities have done full preparation for the implementation of POPIA.
POPIA introduces conditions so as to establish minimum requirements for the
processing of personal information; to provide for the establishment of an Information
regulator to exercise certain powersand to perform certain duties and functions in terms of
GKMC
69,1/2
58
Received19 February 2019
Revised23 March 2019
23April 2019
Accepted22 May 2019
GlobalKnowledge, Memory and
Communication
Vol.69 No. 1/2, 2020
pp. 58-74
© Emerald Publishing Limited
2514-9342
DOI 10.1108/GKMC-02-2019-0026
The current issue and full text archive of this journal is available on Emerald Insight at:
https://www.emerald.com/insight/2514-9342.htm
POPIA and the Promotion of Access to InformationAct 2 of 2000 (PAIA), to provide for the
issuing of codes of conduct, to provide for the rights of persons regarding unsolicited
electronic communicationsand automated decision making; to regulate the flow of personal
information acrossthe borders of SA.
The Information regulator gives the universities to complete discretion in deciding
whether or not to draft a code of conduct. Universities under the leadership of USAF
cooperated with the informationregulator to formulate a code of conduct for all universities
in compliance with POPIA.It is the role of the Information regulator to provideguidelines to
universities to developcodes of conduct or to apply codes of conduct.
Aim of the paper
The main goal of this article is to assess the readinessof SA public universities to implement
POPIA with regards to awareness, collaborations, protection of information integrity and
internationalintegrity.
Background information
POPIA has been promulgated on the 26 November2013 and all sectors including education
were given grace period to implement processes and procedures internally to ensure that
they comply with the requirement of the act. USAF embarkedon the National Consultative
Workshops with universities to prepare compliance with the POPIA. The Consultative
Workshops aimed to develop a code of conduct for public universities to comply with
POPIA. The universities sector was well represented by 25 attendees from 25 universities,
including the DHET. The invitations to the NationalConsultative Workshops were targeted
to legal practitioners and compliance officers. It was essential to engage the legal
practitioners early before the implementation of POPIA because their involvement will give
them a stake in the initiative’s success (Dederer and Swan, 2016). The author argued that
even other professionals from the universities such as archivists, and records managers
were supposed to be invited to the workshops. This is so because POPIA compliance
requires involvementof everyone from universities.
USAF National Consultative Workshops were aimed at developing a code of conduct.
USAf’s code of conduct Section 63 of the POPIA allowsan educational sector to issue a code
of conduct which must apply the principles of POPIA. Industry has the potential to self-
regulate, to complement or supplement for individual-level privacy protection (Turri et al.,
2017). The self-regulatory recommendations will lead to the information integrity. To
regulate sector and organizations privacy, many legal arguments and standards were
introduced (Ghorbelet al.,2017).The decision to embark on a process of developing a code of
conduct was motivated by a desire to optimize how personal information is used in the
Higher Education Industry (HEI), increasethe level of the protection of privacy and level of
compliance, ensure uniform and industry-appropriate implementation of the POPIA, and to
align the Information Regulator and the Higher Education of South Africa approach to
information governance.
The National Consultative Forum took place in Johannesburg, O.R Tambo International
Airport on5 January and 6 July2018. The workshops were an opportunityto raise awareness
to universities representatives anda forum for participants to discussthe need for changing
policies, procedures on management of personal information.The POPIA has been a subject
of much discussion in SA because of its impact on personal information and integrity. The
introductionof the POPIA forms a key elementto protect personal information.
The National Consultative Workshops were an achievement in that it represented the
attempt to discuss the issue of protection of personal information (POPI) in SA, and it was
Protection of
Personal
Information Act
59
To continue reading
Request your trial