The POPI Act – Ensure you do not make headlines for all the wrong reasons
How not to fall foul of the POPI Act
Question: What’s the defining feature of the modern communication age?
Answer: Instant, pervasive connectivity. We are all electronically connected – clients, suppliers, colleagues, business leads, family and friends . . . we’re never far from an electronic device that puts us in touch with people we know and with those we don’t. These devices carry an incredible volume of data traffic – some of it routine, some of it incredibly sensitive. An influential and far-reaching piece of legislation is about to revolutionise the way South African businesses deal with, process and transfer the data that runs on their information networks. By closing the circle on the policing of this fluid trade of information on and between physical and wireless networks, the Parliament of South Africa is making the protection of personal information a statutory reality – and a practical headache for many organisations.
It could happen to you!
Anyone picking up a general print newspaper or business publication, or logging on to the Internet, will have noticed the increase in the reporting of sensational security or confidentiality breaches.
A breached server, hackers, human error, malicious internal actions – whatever the source, trafficking in stolen or misappropriated data is big business.
It’s no longer enough to defend your network with a traditional security policy that looks outward to external threats, because increasingly the breaches are coming from a trusted source within the organisation, from either malicious or entirely innocent motives.
Internationally the trend is to legislate rigorously to guard against these breaches. Complex laws place a heavy onus on organisations to safeguard the data they transmit. These laws elevate the duty to protect client and company information beyond a professional courtesy, to a stringent legal obligation.
And now South Africa is following suit, with the imminent promulgation of an extremely sophisticated piece of legislation aimed at protecting the flow of confidential information within and between organisations.
The Protection of Private Information (POPI) Act – Is it a paper tiger?
Many organisations are only vaguely aware of the impending promulgation of this groundbreaking piece of corporate legislation. Up until now, electronic data has only been covered by the Electronic Communications Act.
The Protection of Private Information (POPI) Act tightens up technology legislation in South Africa and focuses companies on taking responsibility for the stewardship of data. It also attaches stiff penalties to any breaches or failures on the part of organisations in this duty. Currently in Bill form, it is before Parliament and expected to become law sometime in mid-2010.
This leaves organisations with a limited window of opportunity to safeguard themselves and put defences in place to secure not only their data, but themselves against harsh sentences and financial penalties.
Some of the highlights and implications of the Act are:
• The role of the information officer in the organisation will become more important.
• Organisations will have to put a privacy and data protection policy in place as a matter of urgency, backed by the technology and processes to implement it.
• Heavy fines and jail terms for non-compliance will be meted out.
Closing the window of opportunity
Dimension Data is ahead of the curve. Through exposure to our global business, we have tracked international trends in data protection and already have a full suite of products that complement our traditional security offerings and present a holistic security posture that covers technology, compliance and the evolving field of play. We recognise that a new frontier has opened up on the network that needs to be defended.
We already have outstanding credentials in the security space, developing adaptive technologies to secure client networks. Our Data Loss Prevention (DLP) offerings leverage this expertise, monitoring all avenues of electronic communication, from email to instant messaging (IM) and webmail, through content filtering, the blocking and control of electronic communications leaving the network, and classification of information.
All these strategies work together to prevent intellectual property, financial information, personal data and other highly sensitive information from being stolen, exploited or misused.