Category : Protection of Personal Information
Cape Town – The Protection of Personal Information Act (Popi) demands that companies take precautions as regards the handling of personal information.
The Act indicates that firms may face significant liability in the event of data loss or if information is shared with third parties without explicit consent of the “data subject” – you.
However, given that a regulator has not yet been appointed, the full implementation of the law is lacking, giving companies some breathing space to become compliant.
Doros Hadjizenonos, sales manager for Check Point South Africa has compiled five tips for companies to manage their data to ensure compliance with the law.
Check Point software offers security protection that it intended to assist businesses in becoming compliant with the legal regimen
Here are the five tips:
1. Know where the data is
Knowing what information you need to protect is the most important step. Once you know where this information resides, you can put a plan in place to secure it.
2. Encrypt the data and control what data leaves the organisation
Encryption ensures that data will not be accessible should it end up in the wrong hands. Employees are one of the weakest links in an organisation when it comes to data leakage. They may accidentally send confidential information to a friend who has the same first name as their line manager, for example.
This could result in the leakage of personal information; as a result, the company could be liable to the law for any fines or imprisonment.
3. Ensure mobile devices are secure
As employees become more mobile, organisations need to take measures to ensure that any information classified as personal, according to Popi, is protected – even on mobile devices, including smartphones, tablets and laptops.
These days, it’s easy to buy a mobile exploit, which takes advantage of code vulnerabilities to gain access to, and control over, a device and the data that resides on it, if it is not protected adequately.
It is important that every business that has adopted a mobile workforce strategy has a security policy to effectively secure the data on these devices.
4. Focus on the advantages of compliance
Complying with Popi gives businesses a competitive advantage. Customers are more likely to do business with compliant organisations as they know their data will be safe.
An even bigger advantage is that compliance opens doors to doing business with EU organisations. Europe is strict when it comes to data protection – businesses may not deal with countries that do not have some kind of data protection act in place.
5. Consider a new approach to security
At the enforcement layer, businesses implement policies to protect data, while the control layer involves creating the policy, and the management layer oversees the entire process and provides visibility of protected data.
Data protection is about policy creation. Businesses should know what data can leave the organisation and what data must be encrypted.