Menu
The Ashley Madison fiasco- The ramifications of not complying with the POPI Act

The Ashley Madison fiasco: The ramifications of not complying with the POPI Act

On the 27th November 2013, President Jacob Zuma signed the Protection of Personal Information (POPI) Act into law. With such a broad scope, the POPI Act will affect almost every business in the country – especially companies planning events, which involve the storage of personal information of hundreds of guests. The ramifications of not protecting sensitive information stringently enough was demonstrated by the recent Ashley Madison debacle, where millions of members had their cardholder data breached.

The Act affects the processing of any kind of personal information of “identifiable, natural, living person[s] and juristic person[s] (companies, CCs, etc”, including contact details, demographic information, medical and employment records and even personal correspondance. After a commencement date is set, businesses will have one year to become fully compliant with the Act.

Millions of Ashley Madison’s users had their person information leaked

In July this year, dating website Ashley Madison (made famous by the fact that it facilitates extramarital affairs) was hacked by a group calling themselves The Impact Group. Millions of users’ account information was stolen and later leaked. The aim of the breach was to try and force the dating website’s parent company Avid Life Media (ALM) to shut down after The Impact Group accused ALM and its members of “fraud, deceit, and stupidity”.

Enforcing strict data processing policies could have avoided the data breach

The reason this hack was possible in the first place was due to ALM’s policy of storing users’ real names, email addresses, real addresses and credit card transactions indefinitely. If a user wants their account deleted, they must pay the equivalent of R253 – and even after the account has been deleted the company still keeps their data. The data leak that occurred on the 18th and 20th of August proved this. According to the technology blog The Verge, the company made R2.3 million in 2014 from this erroneous delete option.

Complying with the act will benefit your organisation in the long term

The Ashley Madison data leak didn’t only create bad press for the company – it had terrible implications for its users. The risk of data breaches – including fines, legal issues and damage to your company’s image – is reduced by complying with the POPI Act. Complying with the act demonstrates you operate with complete transparency, instilling greater confidence in your customers and stakeholders. By complying with POPI you’ll be only be storing data you absolutely need and destroying that which you don’t. This will help improve the integrity of your databases.

How you comply with POPI depends on the nature of your organisation

There are different requirements for complying with the POPI Act depending on the nature of your organisation. Even though your company might operate in a highly regulated environment and comply with other regulations relating to protecting sensitive personal information, it might not satisfy all the POPI Act criteria. You will still be required to comply with the POPI Act in full.

Prepare to become POPI Act compliant sooner rather than later

Many firms underestimate the amount of work required to become POPI Act compliant. While in South Africa we are still awaiting confirmation for the date that the POPI Act will come into effect, companies would do well to begin working towards becoming compliant with the act. The Ashley Madison fiasco is one of the worse potential scenarios that can ensue from failing to protect personal information.

 POPI Act compliance is an important part of event planning

Planning an event involves pooling as much information about your guests’ and their preferences as possible. You do this to ensure you create an event that both resonates with them and achieves your marketing objectives. Even basic information like names, email addresses, dietary requirements and spouse names needs to be protected and processed in line with POPI requirements. By using corporate event planning software that’s POPI Act compliant, you can rest assured that any data you manage with it complies with the act.

For more information about how POPI compliant corporate event planning software can help you avoid the nightmare of not processing and protecting sensitive information securely.

Get your FREE guide to turning your events into
marketing gold!

Enter your details below and we will send over some magic for you to use. By entering your details below you
consent to receiving our mailers. *No spam we promise. Only valuable tips and updates.

Name(Required)

Related Posts

Privacy settings

Decide which cookies you want to allow. You can change these settings at any time. However, this can result in some functions no longer being available. For information on deleting the cookies, please consult your browser’s help function. Learn more about the cookies we use.

With the slider, you can enable or disable different types of cookies:

  • Block all
  • Essentials
  • Functionality
  • Analytics
  • Advertising

This website will:

This website won't:

  • Essential: Remember your cookie permission setting
  • Essential: Allow session cookies
  • Essential: Gather information you input into a contact forms, newsletter and other forms across all pages
  • Essential: Keep track of what you input in a shopping cart
  • Essential: Authenticate that you are logged into your user account
  • Essential: Remember language version you selected
  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country
  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions
  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies.
  • Advertising: Gather personally identifiable information such as name and location
  • Remember your login details
  • Essential: Remember your cookie permission setting
  • Essential: Allow session cookies
  • Essential: Gather information you input into a contact forms, newsletter and other forms across all pages
  • Essential: Keep track of what you input in a shopping cart
  • Essential: Authenticate that you are logged into your user account
  • Essential: Remember language version you selected
  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country
  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions
  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies.
  • Advertising: Gather personally identifiable information such as name and location
Save & Close