Category Archives: Protection of Personal Information


Data security tips

Cape Town – The Protection of Personal Information Act (Popi) demands that companies take precautions as regards the handling of personal information.

The Act indicates that firms may face significant liability in the event of data loss or if information is shared with third parties without explicit consent of the “data subject” – you.

However, given that a regulator has not yet been appointed, the full implementation of the law is lacking, giving companies some breathing space to become compliant.

Doros Hadjizenonos, sales manager for Check Point South Africa, has compiled five tips for companies to manage their data to ensure compliance with the law.

Check Point software offers security protection that is intended to assist businesses in becoming compliant with the legal regimen.

Here are the five tips:

1. Know where the data is

Knowing what information you need to protect is the most important step. Once you know where this information resides, you can put a plan in place to secure it.

2. Encrypt the data and control what data leaves the organisation

Encryption ensures that data will not be accessible should it end up in the wrong hands. Employees are one of the weakest links in an organisation when it comes to data leakage. They may accidentally send confidential information to a friend who has the same first name as their line manager, for example.

This could result in the leakage of personal information, and the company could then be held liable under the law for any fines or imprisonment.

3. Ensure mobile devices are secure

As employees become more mobile, organisations need to take measures to ensure that any information classified as personal, according to Popi, is protected – even on mobile devices, including smartphones, tablets and laptops.

These days, it’s easy to buy a mobile exploit, which takes advantage of code vulnerabilities to gain access to, and control over, a device and the data that resides on it, if it is not protected adequately.

It is important that every business that has adopted a mobile workforce strategy has a security policy to effectively secure the data on these devices.

4. Focus on the advantages of compliance

Complying with Popi gives businesses a competitive advantage. Customers are more likely to do business with compliant organisations as they know their data will be safe.

An even bigger advantage is that compliance opens doors to doing business with EU organisations. Europe is strict when it comes to data protection – businesses may not deal with countries that do not have some kind of data protection act in place.

5. Consider a new approach to security

At the enforcement layer, businesses implement policies to protect data, while the control layer involves creating the policy, and the management layer oversees the entire process and provides visibility of protected data.

Data protection is about policy creation. Businesses should know what data can leave the organisation and what data must be encrypted.


SA firms dragging their heels on Popi

Johannesburg – The implementation phase of the Protection of Personal Information Act is around the corner, but the majority of South African enterprises have not yet made an effort to comply with the legislation.

The act, also known as Popi, seeks to place restrictions on how companies handle personal data and guarantees the public the right to opt in to be contacted for specific marketing or promotional purposes.

However, research by a security firm has found that the majority of organisations are taking a wait-and-see approach.

According to Trustwave, at least 51% of South African companies have not made a significant effort to comply with the legislation.

While part of the reason may lie in the fact that a regulator has not been appointed yet, it is expected that a regulator will be appointed before the end of 2014, after which firms will have no more than 12 months to reach full compliance or face penalties.


For comparison, in the UK, which has similar legislation, it has taken more than a decade for some companies to comply with the law.

But Popi is unlike other legislation. It is focused on getting consumers to hold organisations liable for how personal data is gathered, stored and used.

“It’s a bottom up approach and that’s why you have a regulator,” data protection specialist Francis Cronje told Fin24. “The regulator’s main role is public awareness.”

Andrew Kirkland of Trustwave makes his point on Popi compliance. (Duncan Alfreds, Fin24)

He said that South Africans were not as vigilant regarding their personal data to prevent criminals from accessing it.

As an example, Cronje cited people throwing away medicine labels which often contain personal information and even bills or bank statements with financial information.

“There are a lot of syndicates that pay those people to harvest personal information and that’s how you get a lot of credit card fraud and ID theft,” he said.

Some unscrupulous organisations also make it a business model to harvest personal data and sell it on to companies not even based in SA.

Disgruntled workers

“There’s a lot of data theft going around. Sometimes you might get this e-mail from a complete stranger in America offering you a database in South Africa, leaving you wondering: ‘How did they get it?’” Cronje said.

Some operators have been known to advertise for general jobs on classified websites as a way to collect vast amounts of personal data as people applied for employment.

Cronje also listed some disgruntled workers that might leave a company with a database of customer personal and financial information.

It is imperative that organisations ensure that there are systems in place that prevent personal data leaking out through the direct actions, incompetence or malevolence of employees.

“There’s no excuse for that,” Cronje stated emphatically.

According to the Trustwave report, 38% of companies said that they had organisational measures in place to prevent the loss of unauthorised data.

However, Trustwave said that even if South African companies had experienced a data breach, it is unlikely that they would make it public.

Lax attitude

“In South Africa, no. Nobody’s going out there to publicly announce that they had a data breach. That would be quite catastrophic for them. However, I do agree with Francis that there is a responsibility with that company to go through that process to notify you – not 32 days later,” Andrew Kirkland, Trustwave regional director for Africa, told Fin24.

Sony waited 32 days to publicly announce that it had experienced a data breach on its PlayStation Network and the company has agreed to pay $15m in a settlement.

Many South African companies also have a lax attitude regarding personal data when contracting third party marketers.

“If you engage with a direct marketer, make sure at least, that you’ve conducted your due diligence,” said Cronje.

He added that for both private and public enterprises, the theft of personal data in SA was a huge problem that Popi would address if companies made compliance a priority.

“It costs this country in excess of R3bn per annum in ID theft just from a governmental perspective. Imagine what it costs business.”


Five wireless trends affecting SA in 2015

Privacy and security will become top of mind

The Sony Pictures hack in late 2014 sent shock waves across the globe.

Closer to home, Wapa has said that the Protection of Personal Information (Popi) Act will begin to affect South African businesses in 2015.

Popi plans to bring SA up-to-date with global data protection laws and boost citizens’ constitutional right to privacy.

Popi further provides guidelines on what data can be obtained from organisations and how that data can be used.

“There is no better time to design and build systems that have security and consumer privacy as core tenets rather than afterthoughts,” said Wapa.

“This is especially relevant to public internet access points such as Wi-Fi hotspots, where a combination of poor security, multiple devices, and consumers on the go could lead to some unfortunate consequences,” added Wapa.


Watch out for this WhatsApp ‘scam’

Johannesburg – Responding to an SMS that advertises WhatsApp add-ons or updates could cost you hundreds of rands per month.

This is according to IT consultant and prominent technology blogger Liron Segev, who has highlighted what he calls just the latest WhatsApp ‘scam’ to hit South Africa.

It starts with mobile phone users receiving an SMS from a Wireless Application Service Provider (Wasp) saying “you have not updated to the latest WhatsApp Add-ons”. The SMS then prompts the user to ‘click’ – or rather press – on a link.

Segev says “unsuspecting” victims will activate the link, which opens up the phone’s web browser and leads to a page with a big green button that says ‘continue’.

However, the risk is that users may skip over the fine print at the bottom of the web page, which details how the service will deduct R7 per day off their phone bill.

If left unnoticed, this could add over R200 to your phone bill per month. This could help these ‘Wasps’ earn large amounts of money, even if they only reach small numbers of people. In South Africa alone, WhatsApp has 10 million users, according to research from World Wide Worx and Fuseware.

“The issue is you get scams like this which are playing on the masses, sending out millions of these SMSs, hoping that a certain percentage will actually not bother to read,” Segev told Fin24.

“They’ll catch you when you’re not focusing. You’ll put a couple of clicks in; nothing will happen. You’ll think nothing of it, but then little amounts of money come off your account without you realising it,” Segev said.

Segev further told Fin24 that this type of SMS sign-up is just one of many as other companies send out text messages prompting users to deactivate or even upgrade WhatsApp.

WhatsApp can only be updated via the Google Play apps market for Android or the Apple App Store.
