Personal Privacy Principles

13 foundational principles to guide your personal privacy practices

These principles underpin the Personal Privacy Score self-assessment. They are drawn from the requirements of the Protection of Personal Information Act (POPIA) and best-practice data protection standards. Understanding and applying these principles in your daily life will help you protect your personal information and respect the privacy of others.

01. Collect Only Necessary Data
Only collect and retain personal information that is genuinely necessary for a specific, defined purpose. Regularly review what you hold and securely delete anything that is no longer needed. Unnecessary data is unnecessary risk.

02. Ensure Data Accuracy and Security
Verify that the personal information you hold is accurate, complete, and up to date. Store it securely — using encryption, access controls, and locked storage where appropriate — to prevent unauthorised access or accidental disclosure.

03. Use Strong Security Measures
Protect your accounts and devices with strong, unique passwords, full-disk encryption, and multi-factor authentication (MFA). These three measures alone eliminate the majority of common attack vectors used to compromise personal information.

04. Update Privacy Settings and Software Regularly
Periodically review and tighten the privacy settings on your online accounts, devices, and applications. Ensure your operating systems and apps receive security updates promptly — patches address known vulnerabilities that attackers actively exploit.

05. Be Cautious with Personal Information Online
Avoid sharing sensitive personal information on public forums, comment sections, and social media. Before posting anything about another person, consider whether you have their consent — POPIA requires it. Once information is online, it is extremely difficult to fully retract.

06. Avoid Unsecured Transactions and Downloads
Never conduct sensitive transactions — banking, accessing work systems, submitting personal information — over public Wi-Fi without a VPN. Only download apps and software from official, verified sources. Unverified downloads are a leading cause of malware infections and data theft.

07. Obtain Consent Before Sharing Others' Data
Always obtain explicit, informed consent before sharing another person's personal information with third parties. Under POPIA, consent must be specific — the person must know what information is being shared, with whom, and for what purpose. In the event of a data breach, notify affected individuals and the Information Regulator promptly.

08. Know and Exercise Your Privacy Rights
Under POPIA, you have the right to access, correct, and object to the processing of your personal information. If an organisation misuses your data, you can lodge a complaint with the Information Regulator at inforegulator.org.za. Knowing your rights is the first step to enforcing them.

09. Use Reliable Security Software and Back Up Your Data
Install reputable antivirus and anti-malware software on all your devices and keep it updated. Maintain regular backups of important personal data using both cloud and physical storage. A current backup is the most effective protection against ransomware and device loss.

10. Verify Information Before Sharing It
Confirm the accuracy of information before sharing it online. Misinformation containing personal details about real people can cause serious harm — reputational, financial, and physical. Use credible sources and fact-checking tools such as Africa Check before sharing anything that involves another person's information.

11. Avoid Unsecured Channels for Data Sharing
Never share personal information — ID numbers, banking details, passwords, medical records — via standard SMS or unencrypted email. Use end-to-end encrypted messaging platforms, password-protected documents, or secure file transfer services. The channel matters as much as the content.

12. Be Vigilant Against Phishing Attacks
Be alert to emails, SMS messages, and websites that impersonate trusted institutions and request personal information. Verify unexpected requests through official channels before clicking any link or providing any details. South Africa has one of the highest rates of phishing attacks in Africa — vigilance is essential.

13. Stay Informed About Privacy Laws and Regulations
Keep up to date with POPIA and related privacy legislation. The Information Regulator publishes guidance, enforcement notices, and regulatory updates at inforegulator.org.za. Understanding the law empowers you to hold organisations accountable and to make informed decisions about your own personal data.