The ratification of sections of the Protection of Personal Information (POPI) Act last year has strengthened the rights of the consumer while forcing many organisations to rethink their information security strategies.
As the expected deadline for compliance approaches (a year from the November 2013 enactment), protecting customer data from theft or loss is no longer simply a matter of retaining customers, it’s about avoiding hefty fines and even potential jail time.
According to Simon Bromfield, territory account manager at Adobe Systems sub-Saharan Africa, “As companies formulate policies to adhere to the POPI Act, it is important that they don’t overlook the importance of putting document security measures in place. Document security is a key component to protecting the confidentiality, integrity, authenticity, availability and utility of information.”
This view is supported by a recent Adobe sponsored study conducted by Ponemon Institute, a research centre dedicated to privacy, data protection and information security policy, which identified that document security technologies are critical to protecting information while document security policies need to be put in place and enforced to ensure document security.
The rapid adoption of disruptive technologies such as cloud services and Bring your own Device (BYOD) present additional challenges for IT departments as they are no longer able to protect user devices while cloud-based services mean IT doesn’t directly control the network, server, OS or application in use.
This further drives the need for companies to investigate and implement measures that will provide document security to ensure the adherence to the POPI Act.
“Document security technologies have never been as important to the protection of information as they are currently. Staying on the right side of the POPI Act entails a layered defence that is able to encompass all applications and overcome the risks posed by e-mail, the Internet and shared folders,” says Bromfield.
Companies need to be cognisant that electronic documents don’t necessarily always live on the company’s systems, as often employees need to collaborate with people outside of the organisation. These instances further emphasise the importance of putting measures in place to ensure that private information does not end up in the wrong person’s hands.
The impending POPI Act draws attention to the security vulnerability of documents, making them a big concern for IT departments and companies. To address this, and avoid potential consequences, companies need to implement security that travels with documents where ever they go.
PDF, as an example, provides document protection capabilities with an Encrypt tool that prevents people from opening, printing or editing documents unless they have the required password or digital ID.
“It is important to note that standard PDF files are sufficient when sharing documents that pose no security or privacy risks, however, in the case of protecting personal information, companies need to add security to PDF documents that will limit viewing, editing, printing and other features,” says Bromfield.
“Adobe Acrobat provides the perfect solution for enabling employees to apply security to documents that pose a risk, and is simple to install, easy to use and not costly to implement with the existing infrastructure.”
Implementing the correct measures to comply with this new legislation may be a challenge for many organisations but technology exists to remove obstacles and smooth the most arduous terrain.