https://www.engineeringnews.co.za

Data hoarding may make companies liable to PoPI penalties

14th November 2014

By: Schalk Burger

Creamer Media Senior Deputy Editor

  

Font size: - +

Although companies process more data than before, data hoarding – gathering data without a clear business reason or security strategy to protect the underlying information – exposes them to Protection of Personal Information (PoPI) Act, No 4 of 2013 penalties, as well as associated business risks.

When PoPI comes into effect, data hoarding will be illegal in South Africa because it requires that data may only be processed for as long as there are clear and defined business purposes to do so, says advisory firm Grant Thornton Johannesburg information technology (IT) advisory director Michiel Jonker.

Technology news website Mybroadband last month announced the discovery of serious security vulnerabilities, which subsequently led to data leakages by the Web application of financial services firm FNB, as the online card-tracking facility exposed customers’ personal details. Urban rail Gautrain’s gold card holder details were also exposed during the same week.

“All security breaches will have to be reported directly to the data subjects that have been impacted on and to the Regulator.

“Businesses need to consider whether these security incidents are as a result of data hoarding issues or operational oversight, especially with the new PoPI legislation and its strict guidelines looming,” emphasises Jonker.

Security incidents can be very damaging to a company’s strategy and reputation in the marketplace, as well as its competitive edge.

Companies have been processing and analysing more data pertaining to their industry or to existing and potential clients. However, there is a very fine line between using effective business analytics tools to mine data and data hoarding with no purpose or strategy regarding the security consequences of this information, he notes.

“The new Act provides an almost certain guarantee that more companies will end up with egg on their faces very soon, aside from businesses also having to appear in court to face criminal charges and civil claims,” Jonker warns.

While business and IT strategies should not be formalised purely on compliance requirements, such as the pending PoPI legislation, businesses must consider security best practices to achieve a proper balance between availability and security principles.

Edited by Martin Zhuwakinyu
Creamer Media Senior Deputy Editor

Comments

Showroom

Condra Cranes
Condra Cranes

ISO-certified Condra manufactures overhead cranes, portal cranes, cantilever cranes and crane components: hoists, drives, end-carriages, brakes and...

VISIT SHOWROOM 
Booyco Electronics
Booyco Electronics

Booyco Electronics, South African pioneer of Proximity Detection Systems, offers safety solutions for underground and surface mining, quarrying,...

VISIT SHOWROOM 

Latest Multimedia

sponsored by

Option 1 (equivalent of R125 a month):

Receive a weekly copy of Creamer Media's Engineering News & Mining Weekly magazine
(print copy for those in South Africa and e-magazine for those outside of South Africa)
Receive daily email newsletters
Access to full search results
Access archive of magazine back copies
Access to Projects in Progress
Access to ONE Research Report of your choice in PDF format

Option 2 (equivalent of R375 a month):

All benefits from Option 1
PLUS
Access to Creamer Media's Research Channel Africa for ALL Research Reports, in PDF format, on various industrial and mining sectors including Electricity; Water; Energy Transition; Hydrogen; Roads, Rail and Ports; Coal; Gold; Platinum; Battery Metals; etc.

Already a subscriber?

Forgotten your password?

MAGAZINE & ONLINE

SUBSCRIBE

RESEARCH CHANNEL AFRICA

SUBSCRIBE

CORPORATE PACKAGES

CLICK FOR A QUOTATION







sq:0.972 1.032s - 185pq - 2rq
Subscribe Now