The Protection of Personal Information (PPI) Bill will have far-reaching consequences on businesses enacted into law, said international and local security experts during an ISG Africa chapter meeting panel discussion.
Held yesterday in Pretoria, the discussion revealed that the PPI Bill would probably not be enacted before the 2010 Fifa World Cup.
The PPI Bill, which was submitted before Parliament in October last year, is expected to be enacted into legislation by the Parliamentary Portfolio Committee in May. The PPI Bill will change the way organisations view and manage information.
Ananda Louw, principal state law advisor for the high court of SA, said a technical sub-committee has been elected to work through the Bill and review the written considerations made by the public; these will then be voted on by the Parliamentary Portfolio Committee. She could not reveal an exact date when the legislation would be finalised.
Louw, said: “We are at the end stages of the Bill, but there's still a lot of work to be done. There won't be major changes to the Bill, and there's preparatory work we are doing, and the portfolio committee will make the final decision.”
She explained that the PPI Act will mean companies will need to enforce a mindset change on how to protect customer information and will need to follow certain processes in order to do so.
Tackling privacy
Pria Chetty, founder of Chetty Law, says there is still confusion among companies as to what exactly constitutes as privacy to information, and the PPI Act is expected to define this.
Ritasha Jethva, head of privacy for Absa, said: “Its clear privacy is about being true to the data companies hold, and being transparent about that information. Incident management should be the first to get off the ground in terms of information. It's not really about where privacy sits, but about the execution of privacy controls and making employees aware of the importance of privacy.”
ISG African chairman Craig Rosewarne points out that the approach to privacy is not simple and will have consequences on local companies as to how they protect their employee and customer information.
Govt bullish about cyber-security
The Department of Communications (DOC) recently revealed its cyber-security policy, which aims to foster co-operation between the government and private sector.
The DOC will roll out national and sector-based computer incident response teams (CSIRTs) of dedicated information security specialists to establish standards and measures to deal with cyber-security and privacy issues.
ISG Africa is working with government, law enforcement agencies and stakeholders in order to establish a national CSIRT. ISG Africa has already deployed four international information security experts to provide CSIRT training.
“We are looking at establishing ISG Africa as a group holding; having the CSIRT team, portal, training arm and a consulting arm,” explained Rosewarne. “A team of forensics experts and a legal team will assist companies in developing the right governance systems.”
Share