The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle major credit cards. Compliance with the PCI DSS would likely satisfy POPI's requirement for 'appropriate, reasonable, technical and organizational measures to prevent… unlawful access to… personal information' (s19) as far as credit card information is concerned.

However, POPI is concerned with much more than information security. It covers, for example, limiting the amount of information collected, providing notice to the data subject, careful consideration of the purpose for which the information is processed, etc. Furthermore, POPI covers all personal information, not just financially relevant information.

That said, a lot of the measures in the DSS are about protecting IT networks and systems, for instance firewalls, anti-virus, security testing of systems, having a security policy, etc. The existing discipline of compliance with the PCI DSS could be leveraged to bring all personal information into a secure environment.