Cybersecurity and POPI – what you need to know


Not to be overly sensationalist or anything, but cybercrime is evolving, says a recent ITProPortal blog article, with one of the main threats being to small businesses and their data privacy. 

The guys at ITProPortal point out that along with the improved sophistication of our digital gadgets and toys has come an increased opportunity for data breaches via a widening array of digital end-points. Think about it: data can now be accessed via smartphones, tablets, smartwatches and security systems – essentially through any ‘connected’ device that is being used to store, capture or retrieve personal information.

When it comes to the Protection of Personal Information (POPI) Act, online data breaches are no laughing matter. What businesses do to protect the personal information that they collect from their clients or customers is incredibly important. This includes any information collected from guests attending your corporate events.

How does the POPI Act translate to the real-world handling of your guests’ information?

One of the most important things to remember about the POPI Act is that it holds you, the event organiser, ultimately responsible for securing the integrity and confidentiality of any personal information entrusted to you by your guests – whether collected by electronic or manual means. You are expected to take every measure to:

  • Prevent the loss of, damage to, or unauthorised destruction of, guests’ personal information;
  • Prevent the unlawful access to, or processing of, guests’ personal information.

And an important FYI – according to the POPI Act, processing any personal information for direct marketing purposes through unsolicited electronic communications is also considered unlawful (see Chapter 8 of the POPI Act for more information).

If you are in the habit of sending unsolicited electronic communication to guests listed on your event database, then best you supply them with an address or other contact details that they can use to opt out of such communications.

POPI Act compliance requires daily actions on the part of event organisers

The POPI Act stipulates that those collecting personal information are responsible for both identifying any potential data breach risks and establishing and maintaining the necessary safeguards to prevent such breaches from happening.   

Establishing safeguards for POPI compliance is not a once-off activity. As an event organiser, you are expected to:

  • Regularly confirm that these safeguards are working effectively;
  • Use the appropriate updates for any new risks or deficiencies that are discovered in the previously employed safety measures.

In short, as an event professional, you are required to know about and apply the generally accepted security practices for the handling of personal information. You are also expected to know and apply the security practices that are specific to the events management industry.

Password protection and secure data storage – what you need to know

As discussed in a previous blog, you as an event organiser will need to ensure that all of your content management systems (including laptops, intranets and software) are password protected. This is to protect your guests’ personal information.

Your event management software also needs to be POPI Act compliant

All of your efforts to comply with the Act will be in vain if you’re not making use of Event Database Software that’s also POPI Act compliant. This software needs to allow for the secure storage and handling of guest information. This is required from the moment you access your database to the day that you wrap up all event proceedings and start planning for your next event.

Event compliance entails a multitude of considerations. Put your mind at ease and download our Event Compliance Checklist to make sure your events remain on the right side of the law.
