Information governance

The Companies Act provides that a director must exercise powers and perform the functions required of and assigned to directors in good faith, for a proper purpose, in the best interests of the company and with the degree of skill, care and diligence that may be reasonably expected of a person carrying out the functions of a director and having the general, knowledge, skill and experience of that director. It is also statutorily required of a director to take reasonably diligent steps to become informed about how a director must exercise his or her responsibilities.

Information is the lifeblood of every modern business. As such it is incumbent upon directors in fulfilling their function to take responsibility for information and communications technologies used by a company in the course of its business in processing information and for the information itself.

The obligations of the processing information appropriately and providing adequate security safeguards in the processing of personal information are brought into sharp focus by the Protection of Personal Information Act. Directors should be aware of their obligations in terms of the Companies Act, as amplified by the King III report, and all other relevant information-related legislation and regulation governing the company’s business.

Privacy Online assists boards in understanding their obligations, and the directors’ oversight of the management, security and protection of personal information in general, and the specific obligations relating to the processing of information, including personal information, that may be central to a company’s business.