The South African legislative environment is constantly changing - often before, business has become completely comfortable with its responsibilities under the prior legislation.
Irrespective of which industry you work in, data is your most valuable resource. It pours into organizations from every possible source, operational and transactional systems, mobile and the web.
The importance of data management has changed significantly in recent years and this is due to the advances in big data mining and the benefits it offers businesses. The landscape of data management is again undergoing changes, due to the introduction of the Protection of Personal Information (POPI) Act.
Even though the aspects of the Act that apply to companies are not yet in effect, it is recommended that companies start their journey towards compliance as early as possible.
What will the act mean for IT departments within South African businesses?
Companies that deal with personal information need to invest in the best possible security systems and processes. They need to ensure that the IT staff members they employ have the required skills sets to work with these systems. Not to mention the challenges that arise with mobile device strategies, bring your own device (BYOD), adoption of social media and cloud-based strategies.
According to an article published on IT News Africa, they said that specialist IT positions will be created in larger companies to deal specifically with POPI compliance. New titles such as privacy officers and data specialists are already coming into play.
Companies may also want to look closer to home in terms of website hosting and compliant software. South African software producers and IT practitioners know the provisions of the Act and can be better positioned to ensure compliance.
Deleting data after usage
Data security is a major issue for businesses and organisations today. Ensuring that your data is secure is becoming more important every day and vital to business operations. South Africa may be one of only 28 countries with a security policy in place; this has not stopped hackers from cyber-attacks. Hackers have shown how creative they are when it comes to accessing personal information. When a company's database is hacked and this information is made available online, the brand image and trust of that company are easily destroyed.
Managers who will or who already is in charge of data storage need to look at the Act carefully to make sure that customary practices, some of which may have been in place for many years, do not violate the Act.
There are companies that hold onto data for years before they destroy it, however, the POPI Act instructs companies to get rid of data once it has served the purpose for which it was collected in the first place. Businesses need to ensure that they keep all the legal details of the Act in mind when dealing with data.
Have you taken measures towards data loss prevention and encryption in your business?