One of the easiest ways to cause harm and unquantifiable damage to a company brand is through its Web site. That is, if fundamental security precautions are overlooked.
This may unfortunately have been the case, as evidenced by breaches at Target (110 million records affected), Kmart (extent of loss not known), Home Depot (53 million e-mail addresses stolen), US Postal Services (personal information of 2.9 million customers and 75 000 employees and retirees stolen), the Postbank cyber robbery, the hacking of the South African Police Web site, the Sony data breach, and the list goes on.
Online shopping is becoming close to the equivalent of shopping in-store. The growing trend towards online shopping is now evident, with over 50% of South Africans with Internet access shopping online. Businesses must now enrich the "physical-feel-touch" experience of a customer in-store, yet additionally ensure that a customer's online experience is not only quite similar but, more importantly, safe, secure and trustworthy.
In this age of consumers' ever-increasing electronic and digital activities, the need to protect the confidentiality and security of such interactions must remain central to an organisation's ambit of control. Organisations have no choice but to be intuitive to a customer's needs and likewise responsive to the provisions of the various legal and regulatory requirements that govern the electronic processing and management of a consumer's personal information. Doing so will demonstrate the practice of corporate responsibility and enhance customer trust.
Failing to do so will result in dilution of goodwill and trust and see increased reputational risk to a point where it cannot be measured or quantified. So the question remains: Why is protecting personal information important? More so, how do we plan, organise and demonstrate independently that responsible measures have been implemented?
In the South African context, many companies have adopted the wait-and-see approach or the "we will wait until the Information Regulator for POPI is appointed, then we still have one year to comply" attitude, not realising that POPI is but one among the many legislative requirements, best practices and standards that have been in place for some time now. To name a few: Sections 50 and 51 of the ECT Act, Section 111 of the CPA, Section 40 of RICA, Chapter 5 of King III and ISO 29001. All of these speak directly to the protection of personal information. In some cases organisations say "we are too small to be noticed", not realising that a privacy breach is also a legal breach.
To effectively manage these risks and ensure the necessary compliance, technical controls, process controls and legal and governance controls must work in tandem to meet their respective control objectives.
To answer the second question cited, Infoseal, South Africa's first online information and privacy assurance provider, was conceptualised to help businesses improve their online governance practices, which in fact reside at the "front door" of your organisation - your Web site. Its credo: "Assuring a trusted online experience".
Infoseal has considered applicable sections of various local and international legislation, standards, frameworks and best practices, including European Data Protection Principles and guidelines, to form the InfoSeal Website Compliance Program (IWCP), designed to:
* Provide website users with assurance that they are interacting with a website that is legitimate and complies with the IWCP.
* Provide assurance that the processing of personal information via the certified Web site is conducted lawfully, in a way that does not infringe on a user's privacy and is in accordance with the certified Web site's privacy notice and terms and conditions.
By "assuring a trusted online experience", Francis Cronje, CEO of InfoSeal, envisions the Infoseal brand and solution to be the "de-facto" standard for online Information and Privacy compliance in South Africa.