Johannesburg, 31 May 2018
On the morning of 24 May 2018, South Africans awoke to the news that the personal information of about 934 000 drivers had been leaked from the online traffic fine payment system, ViewFines.
The leaked data included sensitive information such as identity numbers, full names and e-mail addresses, as well as passwords stored in plain text. Like the 2017 Master Deeds leak and the recent Cambridge Analytica Facebook incident, the ViewFines incident is another reminder of how our personal data can be spread without our knowledge or consent, and of why data privacy should be top of mind.
To this end, we are seeing a shift where governments are enforcing obligations on organisations across industries with new data protection laws such as POPIA in SA and the General Data Protection Regulation (GDPR) in the EU.
While SA organisations do not yet know when POPIA will be in full effect, the EU's GDPR may apply to SA businesses that have all or part of their operations based in Europe, that offer goods or services to EU residents, that monitor the behaviour of EU residents, or that have partnerships with an EU business.
GDPR came into effect on 25 May 2018 and has severe consequences for organisations that are non-compliant.
Over the years, the relationship between South Africa and the EU has grown incrementally to reach the level of a strategic partnership.
As a result, there is a strong focus on co-operation in the economic sector, and regulations such as GDPR can foster this co-operation.
GDPR's purpose is to complement the data privacy regulations that each EU member state has implemented and to provide a single, comprehensive regulation that is compulsory for all organisations processing the personal data of EU residents.
The good news is that there are resources available to assist an organisation with GDPR.
ISACA has developed an implementation guide that can be used to apply GDPR in any organisation. The purpose of the guide is not just to help organisations become GDPR compliant, but also to ensure the privacy of their people.
This is supported by the effectiveness of the organisation's data privacy programme, which must be based on the risk to the data subject and not just the risk to the organisation.
The guide will also assist non-European organisations in understanding to what extent GDPR applies to their business practices and processes.
All ISACA resources on GDPR can be accessed at https://www.isaca.org/info/gdpr/index.html. This includes free resources such as Adopting GDPR Using COBIT 5 and the GDPR Data Protection Impact Assessments.
The implementation guide is available at a cost of $25 for ISACA South Africa members and $50 for non-members and can be purchased at www.isaca.org/implementing-gdpr.
The ISACA South Africa chapter hosted a successful regional event entitled "The Great Big Data Debate" in Cape Town on 29 May 2018.
The conversation focused on achieving the right balance between data exploitation and data-driven innovation on the one hand, and data regulation, security and privacy on the other. We encourage you to continue this conversation and share your thoughts on the topic by leaving a comment on any of our communication channels.
If you have registered on ViewFines, change your password immediately, and change it on any other site where you reused the same password. You can also check whether your personal information has appeared in a known breach on the HaveIBeenPwned Web site.