Every company needs to comply with the Protection of Personal Information (POPI) Act by ensuring that customers’ personal information is protected against loss and destruction.
“Compliance prevents customer information from falling into the hands of people who could use it to engage in fraudulent activities,” says backup, recovery and availability specialist company Veeam regional manager for Southern Africa Warren Olivier.
He adds that such fraudulent activities include the opening of illegal bank accounts or the unauthorised buying of goods using someone else’s personal information.
Olivier says losing personal data can cause serious problems for a company’s customers, as they would struggle to access their transaction histories or any record of activities that have taken place in their accounts.
He adds that maintaining data availability goes beyond simply keeping backups. “Having a backup is worthless unless you can restore information from it – so every backup needs to be tested, besides being securely stored and encrypted.”
Meanwhile, intellectual property law firm Floor Swart’s director of corporate and Internet protocol law Jos Floor says Section 19 of the POPI Act states that companies must take appropriate and reasonable measures to protect personal information against loss and destruction.
“This means keeping your own security and data protection up to date, and ensuring that anybody who handles data on your behalf does the same.”
Companies also need to ensure that data is protected appropriately during the recovery process. “Good solutions for data availability should include easy item- level recovery so that only authorised people can access only the information they need,” says Olivier.
Floor says companies that have stable information technology practices should not have problems in complying with the POPI Act.
“A company that is already complying with the International Organisation for Standardisation or the Control Objectives for Information and Related Technology does not have to do much to ensure that its processes and operations are in line with the security requirements of the POPI Act.”
He adds that the Act puts the onus on the company, as the holder of personal data, to inform the regulator and the affected person should information be accessed or acquired by an unauthorised third party.
Olivier says Veeam recognises the challenges of keeping a business operational at all times and “addresses the challenges with solutions that provide high-speed recovery, data-loss avoidance, verified protection, leveraged data and complete visibility”.
He adds that Veeam’s Availability Suite product leverages technologies that enable the modern data centre, including VMware vSphere, Microsoft Hyper-V, NetApp storage, StoreServ and StoreVirtual Storage, to help companies save time and mitigate risks, as well as reduce capital and operational costs.