The Protection of Personal Information (PoPI) act is expected to become law in South Africa by the middle of 2013, bringing the country in line with international data protection laws. Organisations that already follow good practices in the way they manage and store personal information about shareholders, employees, customers, suppliers and so on will be well positioned to demonstrate their compliance with PoPI.

But those that have neglected information governance over the years face a scramble to meet the law’s stringent requirements about how they handle sensitive customer information such as names, addresses, e-mail addresses, ID numbers, employment history, and health data.

As with most data privacy and information governance laws, the impact of PoPI on Enterprise Content Management (ECM) comes down to data classifi cation, says Andrew Kirkland, country manager at Trustwave South Africa. Companies will need to look at their existing policies, procedures and systems to ensure they meet PoPI’s requirements.