A Protection of Personal Information Act Compliance Framework for the City of Tshwane’s Fresh Produce Market.

Abstract

The Protection of Personal Information Act of 2013 (POPIA) is a law drafted to regulate the processing of personal information in South Africa. Its provisions include but are not limited to the usage of personal information for marketing purposes. While it was announced that enforcement of the law would commence in July 2021, many organisations are still in the process of reorganising themselves to comply with this important piece of legislation. Although the Information Regulator’s guideline document is available for utilization, organisations are struggling to develop POPIA compliance frameworks tailored to their operational requirements. As stated in section 6.2.1 of the Information Regulator’s guideline document, the act calls for the appointment of the an Information Officer by organisations who is required to develop, implement, monitor and maintain a POPIA compliance, framework. With that stated, this study aims to reports about developing a POPIA compliance framework for the City of Tshwane’s Fresh Produce Market. The study’s primary objective was to develop a POPIA compliance framework for the City of Tshwane’s Fresh Produce Market (TFPM) as a collector and processor of personal information. The study had three sub-objectives which were achieved using three research methods, namely literature review, content analysis and semi-structured interviews. Through a literature review, conditions that should be adhered to in relation to collecting and processing personal information were identified. Shifting the focus to the second sub-objective, a vigorous content analysis was performed to investigate the TFPM’s current method of collecting and processing personal information. The process involved evaluating the TFPM’s SOPs, Service Level Agreement, License Agreement, and the city of Tshwane’s Information Communication Technology Framework using the Nexia POPIA checklist. The evaluation results revealed a huge non-compliance gap with regard iii to POPIA and personal information conditions. Post development of the POPIA framework the study embarked on an expert review process with the top management of the TFPM to assess their view on the developed POPIA compliance framework.Thesis (MPhil) -- Faculty of Engineering, the Built Environment and Technology, School of Information Technology, 202