Practical guides on Information Governance, POPIA compliance and AI risk for South African businesses.
Information Governance is the set of policies, processes and controls that determine how an organisation manages, protects and uses its information assets.
When employees paste client data, employee records or confidential files into AI tools, they may be committing a POPIA violation - whether they know it or not.
Stopping confidential data from reaching AI tools requires a combination of policy, training, technical controls and ongoing monitoring - not just a memo.
Poor file naming is one of the most underestimated governance risks. When no one can find a document, or cannot tell what is in it without opening it, governance breaks down.
Most South African businesses face the same ten governance risks repeatedly. Understanding them is the first step to building a defensible information governance programme.
Accounting firms handle some of the most sensitive personal and financial information of any profession. POPIA compliance requires more than a privacy policy.
Municipalities are responsible parties under POPIA and must comply with PAIA. The volumes of personal information held by local government create significant compliance obligations.
HR functions process more categories of special personal information than almost any other department. Health records, disciplinary history, remuneration and performance data all require heightened protection.
Law firms hold privileged, confidential and personal information under a unique duty of care. POPIA compliance intersects with professional privilege and the rules of the Law Society.
Insurance brokers process sensitive financial and personal information under obligations from both POPIA and the FSCA. A data breach can cost you your FSP licence.
A repository health assessment gives organisations a measurable, evidence-based picture of how well their documents are named, classified and stored.
Most South African organisations have either no AI policy at all, or a policy so vague it provides no real protection. Here is what a defensible AI policy must cover.
POPIA gives individuals strong rights over their personal information. Every organisation must have a process for receiving, verifying and responding to these requests within statutory timeframes.
Every time an employee uploads a work file to an external platform, that file leaves the organisation's control. Most organisations have no visibility into how often this happens.
Bank statements contain some of the most sensitive personal and financial information held by any organisation. Their sharing must be tightly controlled and documented.
Scanned ID documents are collected routinely across South Africa for FICA, onboarding and verification purposes. Most organisations have no controls for what happens to them afterwards.
Tender documents contain commercially sensitive information about bidding companies and their pricing strategies. Leaks cause regulatory violations, legal liability and competitive damage.
Board documents contain the most strategically sensitive information in any organisation. Their governance requires specific controls beyond standard document management.
Approval workflows create an audit trail for sensitive information actions. They prevent unilateral decisions, reduce human error, and demonstrate governance maturity to regulators.
Document classification is the process of assigning a sensitivity level to every document in your organisation. It is the foundation of all other governance controls.
Information governance is the set of policies, controls and practices that determine how an organisation creates, stores, uses and deletes information. In South Africa, POPIA makes it a legal requirement.
ChatGPT is used by millions of South African workers daily. Most of them have never been told what they may not paste into it. That is a POPIA violation waiting to happen.
Accounting firms hold some of the most sensitive personal and financial data in any sector. They are also among the most exposed organisations for client data risk.
A file named 'ID scan.pdf' tells you nothing about what it contains, who it belongs to, or how sensitive it is. That ambiguity is a POPIA risk.
Telling staff not to upload files to AI tools is not enough. You need policy, training, classification and technical controls working together to make prevention effective.