Consumer data, or personal information, is under constant and increasing threat. So says CEO of information security solutions provider, Condyn, Jorina van Rensburg, who believes that the ease with which information can be collated and communicated in the information age has brought with it the abuse of personal information.
"Identity theft and cyber-crime are real problems and not a day goes by that we do not read of these abuses in the press," she explains. "To combat the potential unlawful access and abuse of personal information, standards and laws are being developed and entities processing personal information will increasingly be required to prove their compliance with relevant standards and laws.
"In view of the provisions of the new Companies Act (due to commence in the middle of this year) and the King III report, not only may companies processing personal information be held liable for failing to fulfil their responsibilities to consumers, but so too may their directors and senior executives. This potential liability also extends to loss that stakeholders in these entities may suffer as a result of possible reputational risk compromises."
For many companies, the immediate compliance issues in the context of personal information relate to the Payment Card Industry Data Security Standards (PCI DSS), the Protection of Personal Information Bill and the provisions of the Companies Act and King III, which require directors to exercise proper ITC governance.
The PCI-DSS specifically was developed to create common industry security requirements and has been endorsed by payment card companies such as MasterCard, VISA and American Express. It applies not only to store merchants, but to banks, service providers and card processors, in fact anyone who accepts and stores credit card numbers and associated information. Any merchant or organisation handling credit card numbers must comply with the detailed technical requirements outlined by the standard or face substantial fines.
In order to assist its clients in addressing the many issues around compliance, Condyn and its partners, Safenet and Mark Heyink from Information Governance Consultancy, have scheduled a road show covering the implications of the legislation, draft legislation and standards referred to above, the enabling technologies offered by the two companies specifically as they relate to Requirement 3 and 4 of PCI DSS, and practical issues in the implementation of the technologies, development of policy governing the use of the technologies and the training of staff in the appropriate use of the technologies.
The road show will take place in Cape Town on 2 February 2010 at the Bell Rosen Guest House, and in Johannesburg on 3 February at the Indaba Hotel and Conference Centre. For more information, please contact Condyn's Paul Platen on tel: +27 (0) 12 665 4356 or e-mail: paul@condyn.net.
Share