Anthony Olivier, Performanta ConsultingAnthony Olivier, Performanta Consulting


Everywhere, people want to talk about privacy. Or, more precisely, the Protection of Personal Information (POPI) Act, 4 of 2013.

I get less interest – or recognition - when I mention Rica; or equally precisely: The Regulation of Interception of Communications and Provision of Communicationrelated Information Act, 70 of 2002. Which is enlightening: they both pertain to personal privacy rights, both constrain the behaviours of organisations, and both require similar governance behaviours.

RICA is, perhaps, not as marketable as POPI when selling solutions. Or it appears less relevant: applying to police interception perhaps. But, actually, the ambit of the Act is quite clear. Section 2 states: no person may intentionally intercept or attempt to intercept or authorise or procure any other person to intercept, attempt to intercept at any place in the Republic any communication in the course of its occurrence or transmission.”

To be blunt: this means you. And I. And every other organisation that chooses to monitor the activities of its staff – including those activities which could place the organisation at risk of compromising confidential information.

This is a good way to express this point: privacy is not a one-Act wonder. It rests at the intersection of multiple Acts, ranging from the Constitution onwards; and while many of these Acts concur, there are occasionally contradictions – and complexities such as RICA. We must monitor to ensure we satisfy POPI – but we can’t monitor without regard to RICA.

Like POPI, RICA is not absolute: it allows interception to occur within certain constraints. Where POPI needs an information officer, RICA needs a system controller. And similar to POPI, key controls can be implemented quickly and with little to no cost.

But the one gets attention and the other is barely noticed in the private sphere. And both matter.

About the author: is the MD of Performanta Consulting, event sponsor of the ITWeb Security Summit, taking place from 27 – 29 May at the Sandton Convention Centre. Book your seat at www.summit.co.za. Follow #itwebsec