With the Protection of Personal Information (POPI) Act being signed into law, a race against time is about to start for businesses across South Africa. Their mission is to ensure that customer information in their custody is adequately secured – and doing so may require a multifaceted approach.
That much is clear from a recent event hosted by Bytes Systems Integration which covered every aspect of POPI and its implications for business operations.
Patrick Hastings, divisional MD of Bytes SI, notes that POPI seeks to ensure that corporations make every effort to securely store, transmit and access customer information and that records are kept of all the utilisation of the data in order to provide an audit trail upon request. “With the Act signed by the president, it is about to be introduced and when it is, companies will have 12 months to ensure compliance or face prosecution,” he says.
At Bytes’ POPI seminar, which took place in early April, the implications of the new law on various aspects of information and the security measures to protect information were covered. Topics included vulnerability scanning, firewalls and intrusion protection systems, document signing solutions and credential management.
Companies which have a holistic understanding of the many touchpoints that POPI will have within their operations, will be better prepared for compliance. Such companies are also positioned to achieve compliance within the allotted timeframe, says Hastings.
“Apart from legal and financial implications the biggest risk in failing to comply with POPI lies in reputational loss should customer data be compromised,” he points out.
The recent Heartbleed scare, and the headlines it has generated around the world, confirms that the general public is far more aware of the risks presented through information breaches and quite reasonably, expect the organisations with which they transact to adequately protect their data. With POPI, that expectation is codified into law.
Hastings says Bytes Systems Integration offers a comprehensive range of security solutions that enable corporations to secure customer data in all aspects of its lifecycle.
“That means data in storage, in transit or while being accessed. This, accompanied with extensive security skills, is necessary along with guidance and support to ensure that South African companies achieve compliance with no interruption to their business activities, while removing the risk of non-compliance,” Hastings concludes.