Questions of privacy dominated a panel discussion held at the Security Special Interest Group (SSIG) in Cape Town recently, as members of the audience seemed more concerned about protecting personal information than they were about security.
The SSIG was formed last year in an effort to foster professional standards in IT security.
The panel consisted of electronic lawyers Lance Michalson, Jos Floor and Derrick Swart, and was facilitated by Karel Roode of SSIG.
The latest panel discussion was called to discuss section 5.8 of the SA Law Commission`s issue paper number 24, which relates to privacy and data protection. While this is still the early stages of what could eventually become a law, the issue of privacy was propelled to the forefront of discussions. The issue paper still would have to be made a 'Green Paper`, after which it would be shaped into draft legislation called a 'White Paper` until becoming a Bill before being made an Act of Parliament.
"We have recognised that the concepts of security and privacy overlap, but they must be considered as two separate issues," said attorney Lance Michalson.
He said the SA Law Commission was trying to find some kind of balanced approach that would be acceptable to the way business is done in this country and with its major trading partners in the European Union, the UK and the US.
Current EU privacy laws forbid the export by companies registered there of personal information to companies in another country whose laws do not equate with those in Europe.
"The question is 'can this country afford to implement the same standards as those of the EU?`" Floor asked.
Another point raised was the Australian prohibition that forbids the subsidiaries of a company from sharing personal information. Should this be applied to South African law, it could place some local business models in jeopardy, such as 'bank assurance`, which sees banks passing sales leads to their insurance partners.
The panel and the audience broadly agreed that some kind of ethical study would have to be done on the custodianship of data, people have to be given reasonable assurances that personal information will be looked after and that it would ultimately have to be balanced out with security.
Meanwhile, SSIG`s Rode reports that at least nine candidates have passed their Certified Information Systems and Security Certification from the International Information Systems Security Certification Consortium from the first hosting of the exams in the Western Cape.
Rode says SA faces a skills shortage in this area, but that the discipline is now attracting a significant number of previously disadvantaged people to its ranks.
Share