
POPI compliance gathers pace

By Suzanne Franco, Surveys Editorial Project Manager at ITWeb.
Johannesburg, 21 May 2014
In terms of the POPI Act, selecting the appropriate cloud-based solution will be a difficult task, says Jordan Biermann, knowledge manager at Ovations.

Compliance with the imminent Protection of Personal Information (POPI) Act is gathering pace among South African organisations.

This was one of the biggest findings of the ITWeb/Ovations POPI Survey, which ran online for 14 days in February 2014.

A large portion (68.42%) of the respondents said their organisation is taking proactive steps to protect personal information; only 10.53% indicated that they are not; while 21.05% of respondents remained unsure.

Commenting on the survey results, Johan Dippenaar, a consultant at Ovations, says organisations may approach the POPI Act in different ways, but the fact remains that all rules and regulations surrounding the Act must be adhered to by all organisations.

"All personal information must be protected and this may be done by implementing an information management system (ISMS). Organisations must ensure that the movement of any information, internal and external, is managed by the policies of the ISMS," he says.

Dippenaar cites ISO 27001 as one of the ISMS standards that organisations can implement to avoid potential financial and legal implications of not protecting personal information.

"Organisations need to ensure that the movement of any information, internal and external, is managed by the policies of the ISMS," Dippenaar continues.

"The ISMS must also clearly define what the mechanisms for movement are. A managed file transfer solution should be deployed for this and the e-mailing of attachments containing personal information should not take place."

The study also found that an overwhelming majority of survey respondents (91.73%) chose e-mail attachments as the main method for their organisation to exchange information, 42.86% chose FTP or in-house developed solutions and 39.10% chose cloud-based file sharing services.

It also determined that most organisations (44.62%) do not have a committee in place to govern their POPI implementation. However, it also revealed that 36.15% of the respondents currently do have a committee in place.

"When forming a committee to govern POPI rules and regulations, it is advisable to implement a multi-functional advisory committee consisting of an information officer, chairperson and subject matter experts that are represented across IT, HR, governance projects, customer services and marketing divisions," says Natalie Bevan, principal consultant at Ovations.

Bevan goes on to say that such a committee should create a strategic mandate to ensure timeous implementation in line with the regulatory requirements.

"This committee should then be accountable for driving internal adoption, compliance, awareness and alignment," she points out.

Jordan Biermann, knowledge manager at Ovations, notes that the South African market has started to explore cloud-based solutions over the past few years.

"Cloud-based solutions have been seen by some as the next step of the IT evolution. The increase in bandwidth connections and availability for business to have access to unshaped and uncapped options, allows the cloud service to become more viable. The global market is predicted to grow from $41 billion to $241 billion by 2020."

He also believes that although SA is behind on the trends with current IT infrastructures, the local market will follow the global trend as the country's infrastructure continues to improve.

"However, in terms of the POPI Act, selecting the appropriate cloud-based solution will be a difficult task," Biermann says.
