As you may have seen, President Cyril Ramaphosa has announced that the Protection of Personal Information Act (POPIA) comes into effect on 1 July 2021. This means that we have until 30 June 2021 (12 months) to ensure that all University activities that involve personal information are fully aligned with this Act.

POPIA compliance was one of the main drivers in establishing the Information Governance and Privacy Protection (iGaPP) programme at the beginning of 2019. This programme establishes a sustainable, decentralised model of information governance at the University and compliance with information-protection legislation such as the POPIA.

Phase 1 of the iGaPP programme has established many of the roles and structures required to manage information effectively across the University. The necessary information governance policies have been developed, including the Protection of Personal Information (Privacy) Policy (attached). This policy was approved by the Executive Committee on 7 April 2020 and is available on the Policies page of the staff intranet under the Governance tab. 

The iGaPP programme is now focused on the implementation of our Information Governance policies across the University, and these activities will move us towards compliance with the POPIA.

The iGaPP team is currently performing iGaPP assessments on the critical information processes in the Professional Service departments as they are, in most cases, the owners of institutional information. Risks will be identified and plans will be developed to comply with the iGaPP policies supported by the Institutional Information Governance (IIG) team.

Faculties are mostly regarded as information users, and therefore the approach for doing iGaPP assessments in the academic environment will differ slightly. A decision was taken by the Registrar, who is also the Programme Sponsor, and the iGaPP project team to perform the iGaPP assessments in Faculties in 2021.

The iGaPP webpage has been launched: https://www.up.ac.za/iGaPP-programme.

The aim of the website is to inform internal and external stakeholders about the iGaPP programme and its progress, and to establish the University as a thought leader in the field of information governance and privacy protection in higher education.

The privacy notices have also been approved and published on the iGaPP webpage: https://www.up.ac.za/iGaPP-programme/article/2720023/privacyup

At the sector level, Universities South Africa (USAf) commissioned a POPIA Industry Code of Conduct for public universities in 2018. Please find the Code attached. USAf will start a stakeholder engagement process to review the Code and to decide whether or not to apply for accreditation. In the interim, the Code of Conduct will function as a guideline.

If you have any questions or concerns regarding POPIA or how personal information is managed in your area, please contact Janine Esterhuizen on [email protected]

Thank you,

Professor Tawana Kupe

Vice-Chancellor and Principal