Governmental legislation directs and guides the manner in which organisations and individuals manage their information. This has a direct impact on the development of organsiational policy and procedures. An individual’s awareness of such legislation is of utmost importance in order to understand how individuals use information.
The research problem is focussed on the awareness of information legislation by average South African first year student. The study goes on to further investigate how awareness impacts the manner in which users apply the knowledge to everyday use of their personal information.
The study utilised a mono-method and quantitative methodological framework. The data collection instrument was a survey in the form of a questionnaire. The survey was conducted amongst 2017 undergraduate student and repeated in 2018.
The young adult demographic, of which the sample of undergraduate university students, findings indicated that the increase in awareness of Protection of Personal Information, Promotion of Access to Information and Regulation of Interception of Communication Act legislative acts directly impacted the students’ ability to manage and share their information more strategically. Students’ knowledge of the acceptance of the acts into legislation was not of great importance; however, the use of the acts concerning their personal information proved to be of greater significance.
The study’s findings confirmed that the sample had been introduced to the idea of information legislation and that their awareness of the legislation does in most cases affect their use and management of their personal information. It also revealed that an in-depth knowledge of the legislation was not a necessity rather an overall understanding of the legislation was important. Recommendations for future studies arose from the study.
The urgent need to comply with legislative acts that are passed by the South African government is imposing the shift, on the average South African organisation to ensure that they are up to date with the new laws. South Africa Institute of Chartered Accountants (SAICA
The Guardian (
The 4IR has introduced its nine pillars: internet of things (IoT), big data and analytics, cloud computing, social media, augmented reality, autonomous robots, simulation and horizontal and vertical system integration (Eslamzadeh, Jassbi & Cruz-Machado
There are many legislative acts that have been passed into law by the South African government. Some of the acts stipulate how organisations should seek to address the governance of the information that is collected, stored and accessed. These acts govern the manner in which organisations must seek to manage the general and personal information of South Africans.
Data theft is a crime that is experienced globally. The European Business News (2018) reported that 39% of European businesses have been victim to data theft, and they pay exorbitant amounts per attack. This directly affects the manner in which Europe now identifies and manages the use of its data. Shillibeer (
New regulation made it necessary for every organisation to ensure the data they keep is secure. Surprisingly, our research shows European companies have invested the least globally in technology, which can prevent data theft. This could be a reason as to why the region had the most data stolen. In the year ahead, it will be interesting to see how European companies will prevent data theft and avoid regulatory fines.
According to the IBM (
Pahnila, Siponen and Mahmood (
With organisations now being forced to comply with legislation, it is of utmost importance that there is an awareness about the said legislation. The typical information legislation seeks to instruct organisations on the proper conduct when gathering, storing, sharing, using and even destroying information. Three such legislative acts include POPI,
According to POPI (2013) organisations behaviour in the processing of another entity’s personal information must be conducted in a responsible manner. As such, these organisations must seek to comply with the legislative regulations or else they would face legal action. Promotion of Access to Information Act (2000) was signed into law to exercise the constitution’s bill to ensure that information held by the state and information held by private bodies are accessible in the protection of the rights of South Africans.
Companies seek to comply with legislation by incorporating legislative acts into the organistional policies. These policies are filtered down through management. According to Adu-Oppang and Agyin-Birikorang (
Awareness of information legislation, need not always begin within the organisation, thus the concept of, is the average university student knowledgeable of legislation and more so does the awareness change the behaviour when using information.
The research problem is focussed on the information legislation awareness of users, with the unit of observation being the first year information management students of the University of Johannesburg. The students in this sample typically fell within the 18–25 year age group.
Whilst maintaining ones information privacy in a society that is believed to be caught up in the social media lifestyle, it is perceived that the young generation is unaware of matters such as information privacy and information transparency (Hoofnagle et al.
Social media platforms are required to comply with information privacy and transparency laws, both globally and as per the country’s legislation. Within the Republic of South Africa this would include POPI and PAIA. As the young people are exposed to social media platforms, they are forced to agree with information privacy and transparency terms and conditions. Thus, increasing the chances that young people are in some way aware of their legislation that guides the privacy terms and conditions (Nkosi
The number of mobile phone users in South Africa who’ve registered their network connection or sim cards in accordance with the new Regulation of Interception of Communication Act (RICA) has jumped to over 37-million.
It indicates that 95% of South Africans are RICA registered. As many young people have access to a cellular device, there is an expectation that they have become aware of the RICA legislation.
The quantitative research design was best suited for this study, with the survey utilising the form of a questionnaire. The quantitative research design serves as a tool that allows for consistency in the study. The positivist philosophical paradigm allowed natural relationships to be revealed through the data.
A deductive research approach was used that allowed the researcher to extrapolate conclusions based on the accepted facts. The questionnaire was utilised as the data collection tool.
The methodological framework in this study was mono-method quantitative. This was used to investigate which information-related legislation students were aware of and how their awareness affected their use of information. A convenience sampling technique was used in this study through access to the first year information and knowledge management students over a 2 year longitudinal period. All findings were represented in a quantitative format, typically represented in graphs. The study employed the use of a pre-intervention and a post-intervention data collection method. An information legislation intervention was also conducted.
The survey used in the 2017 study was not modified for the purpose of comparing results longitudinally. The survey was rolled out to the first year information management 2018 students. In both years the survey was deployed in a hard copy form to the information and knowledge management undergraduate first year students at the University of Johannesburg.
The questionnaire consisted of 23 questions and a general comments option. All questions were delivered in a multiple-choice style, allowing students the opportunity to choose an appropriate answer.
The findings of the 2017 survey were presented at the Academy of World Business Marketing Development Conference in Athens, Greece. The findings of the 2018 survey were presented at the ECKM 20th European conference on Knowledge Management in Portugal. This article will compare and discuss the findings of these two data collection instances.
Convenience sampling according to Saunders, Lewis and Thorhill (
The University of Johannesburg’s information and knowledge management first year undergraduate students formed the object of observation. In both 2017 and 2018, the survey was made available to the students twice in the first 6-month semester. In both instances, a physical survey was handed out in class.
Respondents were asked to indicate whether they were aware of the following acts: POPI, PAIA and RICA. The questions were posed to indicate if respondents were firstly aware of the acts by their acronym, next they were engaged with whether or not they knew when the acts were signed into law and finally questions addressing the respondents understanding of the acts and how the acts affected the use of their information.
For the year 2017, there was a total population of 347 information and knowledge management first year students on the main campus. In
Total respondents for the year 2017 and 2018.
The pre-intervention responses to the acronyms POPI, PAIA and RICA are identified (
Pre-intervention responses to acronyms Protection of Personal Information,
Post-intervention responses to acronyms Protection of Personal Information,
For the pre-intervention (
For the acronym PAIA, it is evident that 67% respondents were not aware of the acronym in 2017; similarly 2018 saw 78% respondents who were not aware of the acronym PAIA.
For the acronym RICA, the pre-intervention reveals that in both 2017 and 2018 the respondents’ were mostly unaware of RICA. A total of 62% of respondents in 2017 and 66% of respondents in 2018 were unable to link the acronym to the correct title.
The general trend that is reflected from the findings concerning the acronym is that majority of individuals do not necessarily come into contact with the acronyms in their everyday living. This brings to attention the concern that the acronyms are generally the first point of contact that is made with the act. With the respondents being first-year university students,
The indication of the respondents’ knowledge of the acronyms post-intervention results for POPI, PAIA and RICA is depicted (
The post-intervention results for the year 2017 revealed that 70% of the respondents were aware of acronym PAIA and 77% of the respondents were aware of this acronym in 2018.
For 2017, the RICA acronym post-intervention revealed that an astounding 87% respondents improved knowledge of the affiliated RICA acronym and in 2018 a remarkable increase to 78% improved knowledge of the affiliated acronym. This indicated a clear development in the respondents’ awareness of the affiliated acronym.
The respondents’ pre-intervention knowledge of the Acts (POPI, PAIA and RICA) acceptance into the South African legislation is depicted (
Pre-intervention response to acronyms Protection of Personal Information,
Post-intervention responses to acronyms Protection of Personal Information,
For 2017 and 2018,
With 2017 seeing 93% of respondents and 2018 reflected 69% of respondents’ lack of knowledge of when the POPI Act was accepted into legislation.
The respondents’ basic pre-knowledge of the acceptance of the PAIA Act into legislation is poor. This is evident as 2017 reflects 87% of respondents and 2018 shows 75% of respondents not knowing when the promotion of access to information had become part of their legal rights.
Findings reveal that respondents took little to no interest in the acceptance of RICA into legislation. With 92% of respondents’ in 2017 and 71% of respondents’ not knowing in which year RICA was accepted into law.
It is evident that as much as the acts are influencing the average South Africans, many do not take time to read up and become knowledgeable about the acts.
The basic knowledge of the POPI Act being accepted into legislation sees substantial change. An increased knowledge between the 2 years is revealed (
The effectiveness of the intervention for PAIA is evident in both 2017 and 2018. The intervention has a shift in 2017 to 94% of respondents and 2018 saw 80% of respondents new found knowledge of when the act was accepted into the legislation of the Republic of South Africa.
For both 2017 and 2018, the intervention proved to be successful in developing the awareness of the RICA act. The years 2017 and 2018 saw a remarkable shift with 91% of respondents in 2017 and 85% of respondents in 2018, showing a new found interest in the RICA Act.
The respondents’ practical knowledge of application of POPI, PAIA and RICA for pre-intervention and post-intervention is depicted (
Pre-intervention application knowledge of Protection of Personal Information,
Post-intervention application knowledge of Protection of Personal Information,
The POPI pre-intervention results were something to take note of because in both years the pre-knowledge about this Act was very high. It indicated that respondents were highly aware of the idea of protecting their information. In 2017, 71% of respondents were unable to correctly indicate the proper application of the POPI Act. In 2018, 65% of respondents were able to correctly indicate the proper application of the POPI act. The results indicate that respondents came into contact with the concept of protecting their information, it was often enough to make the link to POPI.
For the PAIA pre-intervention, in 2017 a total of 73% of respondents indicated an incorrect understanding of PAIA, and in 2018, 82% of respondents indicated they did not know how to correctly apply PAIA.
The application of RICA is of significant interest as the likeliness of respondents’ coming into contact with this Act is very high. A total of 60% of respondents in 2017 indicated a poor understanding of the application of RICA and 40% of respondents showed they were able to understand the application of RICA. An interesting shift is seen in 2018, with 94% of respondents indicating they knew the application of RICA and 6% of respondents showed they did not understand how RICA is applied.
The impact of the intervention on respondents who were already quite knowledgeable about the application of POPI is revealed (
The post-intervention application for 2017 revealed that 72% of respondents indicated the correct application of PAIA. The impact of the 2018 intervention could be seen as a failure, with 51% of respondents not being able to apply PAIA and 49% of respondents acknowledging the proper way to apply PAIA.
The 2017 RICA post-intervention reflected as follows: 51% of respondents were unable to apply RICA correctly and 49% of respondents showed a good understanding of RICA application. The year 2018, saw 96% of respondents with a new found knowledge on the application of RICA and a minor 4% still unable to apply RICA correctly.
The comparative analysis was drawn as such the following was evident. Here is a comparison between the correct answers between the pre-intervention and the post-intervention as per the acronym, the year and the application. The general trend concerning the acronym can be clearly defined as the following:
Protection of Personal Information acronym showed a positive 80% for 2017 and a 64% difference between the pre- and post-intervention.
Promotion of Access to Information Act acronym showed a positive difference of 37% for 2017 and a 55% difference for 2018.
Regulation of Interception of Communication Act acronym revealed a positive difference of 49% for 2017 and 44% difference for 2018.
The acronyms are generally seen as the first point of contact that individuals would make with the legislation acts. Thus, it is the assumption that if one has a general introduction to the acronyms, it would lead to some form of understanding of the act. The acronym is successful as they are related to the cause, function and meaning (Aronson
When looking at the trends concerning the ability of respondents to correctly apply the acts, the following differences were presented:
The application of the POPI act revealed a positive 39% difference for 2017 and a 25% positive difference for 2018.
The application for the PAIA act revealed a positive 45% difference for 2017 and a 31% positive difference for 2018.
Concerning the application of the RICA act, although a small difference of 9% for 2017 and a minor 2% for 2018, 2018 proved that respondents were far more informed about RICA and 2017. It was also evident that in 2017 the intervention had not been as successful as for POPI and PAIA. Ornstein and Hunkins (
The trends presented by the findings in relation to respondents’ vested interest into the information-related acts in terms of the year the acts were approved into legislation are as follows:
Protection of Personal Information year shows a remarkable 89% positive difference for 2017 and substantial 50% positive difference for 2018.
Promotion of Access to Information Act year shows a positive 81% difference for 2017 and a positive 55% difference for 2018.
In addition, it is imperative that effective public awareness of the acts become a central theme for the South African public. According to Hortan (
The nature of the longitudinal study was set out to identify the knowledge base of undergraduate university students concerning the following information Acts: POPI, PAIA and RICA. The analysis of the data from the two samples, surveyed in 2017 and the other in 2018, it was found that in the pre-intervention the 2017 group of students had been exposed to the acts and had a greater knowledge compared with the pre-intervention students in 2018.
The intervention in 2018 yielded positive outcomes in terms of the acronym pre-intervention. The impact of the intervention was largely positive for POPI and PAIA.
Overlooking the three acts, the act that students were most aware of was POPI. Students revealed that they were aware of the acronym POPI and were able to apply it correctly. The students’ knowledge of when the act was accepted into legislation was not something important to them.
This was a finding for all three acts that students did not find the need to know the in-depth knowledge of when the acts were accepted into legislation; rather they were primarily focussed on being aware of the acts and acknowledging how to apply the acts to their personal use of information.
The findings support this notion in the sense that the awareness and exposure to the acronyms and the application of the acts are by far the greater need than having an in-depth knowledge of the legislature acceptance of the act.
It was also worth noting that for both 2017 and 2018, there was a small group of respondents who did have in-depth knowledge and awareness of the acts. This indicated that students were exposed to the concepts of information protection, information transparency and the regulation of information by the government.
The expectation that awareness around RICA would be much higher amongst the demographic of ‘young adults’ use of mobile devices is quite high was surprisingly the opposite. The reason for this expectation is because of the fact that upon purchasing a mobile device, a cellular network requests that the cellular device follows the protocol to ensure that it complies with RICA. The chances of the users being knowledgeable about RICA should be higher. For both 2017 and 2018, it was evident that for the acronym, the year and the application, the students lacked awareness.
The government should better strategise when looking to develop the knowledge base and awareness of young people and when dealing with their understanding and use of information. Young people are forced to manage their information once they are recognised at the age of 18 as adults, as such their awareness of the manner in which they gather, store and share their personal information is imperative when seeking to conduct business in the information age.
The value that is brought by this study is the application awareness sets itself as the core to how individuals understand and use the legislation that is linked to information usage. The information management sector need not just know about the legislation, but rather they should seek to understand how to implement information legislation in the work space.
The study still possesses some unanswered questions, such as the awareness versus everyday application of the acts. For example, with POPI, students may be aware of POPI; however, the question is how do they apply their knowledge with the information privacy acceptance of downloading apps onto cellular devices, accepting information privacy terms and conditions on social media platforms.
The nature of the study can in future be presented to the older age groups and it could further branch out to more information-specific usage environments.
The author would like to thank everyone who participated in the distribution, collection and the answering of the questionnaires.
The author has declared that no competing interest exists.
J.A. is the sole author of this research article.
This article followed all ethical standards for research without direct contact with human or animal subjects.
This research received no specific grant from any funding agency in public, commercial or not-for-profit sectors.
Data sharing is not applicable to this article as no new data were created or analysed in this study.
The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of any affiliated agency of the authors.