Assessment of a South Africa national consultative workshop on the Protection of Personal Information Act (POPIA)

Abstract

Purpose This paper aims to assess the Protection of Personal Information Act (No. 4 of 2013) (POPIA) in South African (SA) universities sector with the objective to formulate code of conduct to improve compliance. Design/methodology/approach The case study approach was used in this study. Data were collected using interviews with the SA universities’ representatives during the POPIA consultative workshop. Findings The results showed that most of the participants were not aware of the POPIA, lack of collaboration between the legal practitioners, records managers and archivist. Internal control systems with Information Communication Technology (ICT) need to be in in place to provide information integrity and the value of international integrity with regard to the international students and staff. Research limitations/implications This paper is based on the first phase of the national consultative workshop with 25 SA public universities held between January and November 2018. The findings of the study are transferable to other sectors like health and infrastructure. Practical implications The findings are expected to be instrumental to the formulation of universities’ code of conduct in line with POPIA. Social implications The POPIA, if not properly implemented, can contribute to the violation of information integrity of the international students with regard to research and cultural exchange programme. Furthermore, it can affect SA trade relations with the European countries as it is a requirement for non- European countries to comply with the European Union General Data Protection Regulations (GDPR). Originality/value This study is useful to ensure consultation of the POPIA. Is also essential for the POPIA to be aligned with the international norms and standards such as GDPR.