News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

My Biz

Submit content

My Account

Advertise with us

No more data loss cover-ups for SA business

South Africa has an historical culture of non-disclosure and cover-ups when it comes to data loss and data breaches, but the Protection of Personal Information (POPI) Act will force much greater transparency.
Jos Floor
Jos Floor

The Act establishes eight data protection principles or conditions, one of which is that responsible parties must take appropriate measures to prevent loss of data, or unauthorised access to data. Then, if there are reasonable grounds to believe that someone who is not authorised has accessed or acquired your data, you must notify both the regulator and the data subject.

For example, imagine someone leaves an unencrypted flash drive or laptop in his car and it is stolen. If there was any kind of data on that drive or laptop that is covered by POPI, there is a clear obligation to report. The penalties for non-disclosure can go up to R10 million.

No longer an option

The legislation means the end of attempts to keep data breaches and data losses under the radar. A lot of companies prefer to deal with things quietly, and in some the culture of the cover-up is so strong that the board would rather not discuss an issue, or even get a report, to avoid putting their awareness of a problem on record. But that is no longer an option.

From industry, Warren Olivier, the Regional Manager for southern Africa of Veeam Software, also says the issue highlights the need for boards to put data availability high on the agenda. Data availability is not a box to tick; it has real commercial consequences. A company that fails to meet the requirements of the Act may find itself liable for damages. On the other hand, steps that companies take to comply with the POPI requirements will also go a long way to ensure business continuity.

Olivier says POPI may encourage more businesses to keep sensitive data in the cloud: Losing unencrypted data stored on a flash drive or laptop is a worst-case scenario. Maintaining a single storage location in the cloud, with appropriate encryption, helps to ensure that there are no unauthorised or forgotten copies of your data out in the world.

In addition, he says, if there is ever a need to erase a lost device remotely because it contained sensitive data, there had better be another copy - and that copy had better work. All back-ups must be verified to ensure guaranteed recovery of data and constant availability.

About Jos Floor

Jos Floor is spokesperson for Floor Swart attorneys
Let's do Biz