Organizational information privacy strategy and the impact of the PoPI Act

Marc Pelteret*, Jacques Ophoff*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)
236 Downloads (Pure)


In today's knowledge-centric society, personal information is one of the key resources of most businesses. Because of this, maintaining the privacy of personal information has become an important topic. Many countries have enacted, or are in the process of enacting, legislation to govern this. South Africa is addressing privacy concerns through the Protection of Personal Information (PoPI) Act, which imposes heavy penalties for non-compliance. This paper examines current organizational information privacy strategies and what impact the PoPI Act is making. Using a case study approach, data was collected from five organizations in the South African financial services industry. The findings offer insight into the complexities of forming and executing a privacy strategy, as well as the difficulties around complying with legislation. The PoPI Act has influenced the organizations to varying degrees, with some simply assessing its impacts and preparing to implement changes at a later point, while others have been making changes for many years. One of the key challenges that was highlighted is that it is based on principles and therefore open to interpretation. However, for most of the organizations it appears to offer benefits, such as the opportunity to bring more international business to South Africa.

Original languageEnglish
Title of host publication2017 Information Security for South Africa
Subtitle of host publicationproceedings of the 2017 ISSA conference
EditorsHein S. Venter, Marianne Loock, Marijke Coetzee, Mariki M. Eloff, Jan H.P. Eloff
Number of pages10
ISBN (Electronic)9781538605455, 9781538605448
ISBN (Print)9781538605462
Publication statusPublished - 1 Aug 2017
Externally publishedYes
Event2017 Information Security for South Africa Conference - Johannesburg, South Africa
Duration: 16 Aug 201717 Aug 2017


Conference2017 Information Security for South Africa Conference
Abbreviated titleISSA 2017
Country/TerritorySouth Africa


  • Privacy
  • Information privacy strategy
  • Protection of Personal Information (PoPI)


Dive into the research topics of 'Organizational information privacy strategy and the impact of the PoPI Act'. Together they form a unique fingerprint.

Cite this