Trade readies for implementation of POPI

THE expected

implementation date

of the Protection of

Personal Information (POPI)

Act is December 1, says

Pansy Tlakula, full-time

member and chairperson of

the Information Regulator.

From date of implementation,

businesses will have 12

months to comply.

With implementation less

than a year away, the big

question is, will the travel

industry be ready? Otto de

Vries, ceo of Asata, believes

that it will be, considering

that regular communication

has gone out to travel

agents over the last few

years. However, he says:

“Compliance is not simply

a process of ticking the

boxes – efforts to comply are

ongoing.”

Advocate Louis Nel says

agents who don’t comply

could face penalties of up

to R10m and possibly even

jail time. “Agencies must

audit their current structures

and documents and train

their staff.” Although not

a prerequisite of the Act,

Louis says it’s a statutory

obligation that agents also

join the new Consumer

Goods and Services

ombudsman.

Charmaine van Niekerk,

HR and operations director

of Club Travel, says the

company has already put

measures in place to comply.

“Club Travel’s employees sign

a confidentiality clause and

its Contracts of Employment

make specific reference

to the POPI Act and the

obligations of the employer

and employee. Upon

termination of service, our

ex-employees are reminded

that the contract remains

in effect. Client credit card

details are encrypted in our

back-office systems and we

have implemented firewalls

and other security systems

to prevent a breach of our

information systems. The

POPI Act is referred to in

our terms and conditions of

trading, which is brought to

the client’s attention before

trading,” she says.

“We are encouraging online

payment via credit card

through 3D-secure channels

to ensure clients’ information

is protected. Where this is

not possible, we swipe the

client’s credit card in store

to avoid having to take credit

card change forms (CCCFs)

and the required copies

of IDs and cards that the

airlines require us to collect

when accepting CCCFs,”

says Michelle Boshoff, gm,

Central Services of Pentravel.

She says taking payments

for airlines is an area of

concern, since the airline

is the merchant effecting

the transaction. To prevent

chargebacks for fraudulent

transactions, sensitive and

personal information needs

to be provided by the client,

“which concerns many of

them,” she says. However, as

credit card fraud is rife, she

believes the POPI regulations

are important.

For Charmaine, the main

concern is that the Act is a

‘one size fits all’ and has

not been well thought out

in terms of the practical

implementation across

several industries. “The

travel industry acts as an

agent for its customers and,

from necessity, has to pass

customer information on to

second-, third- and fourthparty

suppliers who do not

necessarily subscribe to the

Act,” she adds.

Kirsty Hutchinson,

marketing co-ordinator of

Reynolds Travel Centre, says

the agency will be visiting

each corporate client to

explain POPI in full and

how it will impact business.

“Clients will be made aware

that we will store their data

and at any time they can

request that their profile

be deleted. We have set

deadlines and are striving to

meet them.”

For agencies that haven’t

started the compliance

process yet, Gareth Cremen,

director of Hogan Lovells,

highly recommends getting

started, as the process is an

ongoing one. “Realistically,

parties will probably never

be 100% compliant, however

being able to prove that

they are as compliant as

possible will count in their

favour should they face any

penalties or legal action.”

Dont,t panic help is at hand 

For a quick guide series

on how to be compliant,

agents are welcome to

logon to the Asata member

page on the website or

contact Asata directly.