companyzone companyzone

Webinar to outline data-centric approaches to POPIA compliance


Johannesburg, 25 Oct 2021
Read time 4min 00sec
Dave Matthews, technical solutions manager at archTIS.
Dave Matthews, technical solutions manager at archTIS.

An upcoming webinar to be hosted by archTIS will outline how a data-centric approach is key to securing information and achieving compliance with the Protection of Personal Information Act (POPIA) – particularly as remote work increases the risk to shared data.

Cybersecurity Insiders research carried out on behalf of archTIS this year found that remote work raises security concerns across areas such as home network security, the use of personal devices, and sensitive data leaving the perimeter. When asked what work applications used by remote workers caused the greatest security concerns, 68% cited file sharing, 47% said web applications, 45% said video conferencing and 35% said messaging. Despite these concerns, 90% of respondent organisations said they were likely to maintain a remote workforce.

Dave Matthews, Technical Solutions Manager at archTIS says that in this changing environment, approaches to securing sensitive data have to change. Organisations must achieve a balance between enabling collaboration and productivity, while at the same time securing sensitive and personally identifiable information. This is all the more important in light of the need to comply with the Protection of Personal Information Act (POPIA).

“Collaboration platforms by their very nature are designed to grant access to multiple users,” Matthews says. “As organisations change the way they work with work from home and hybrid models, the traditional secure perimeter we spent the last 20 years locking down doesn’t exist anymore. So for many organisations, it has become a massive undertaking to determine what data should be shared and how to protect it outside of our secure tunnels. We have little control over what remote workers do with the data they access – they could be making local copies and printing it out, for example.”

On the other hand, too many stringent security controls could be counter-productive and hamper productivity, he says. “If you lock it down, you might find users can’t conduct their normal daily activities. When you put additional barriers in place, people start working around those barriers and controls, and this is where you see the creep of shadow IT, where users use external platforms to work around controls to access the sensitive information they need,” Matthews says.

Ideally, organisations should address these challenges, secure sensitive data and become POPIA compliant by first auditing their data to understand what data they have, and which of it is sensitive and personal. 

However, this process in itself can prove challenging, with potentially terabytes of data to be scanned and identified, a discovery process could take months or even years to complete. Organisations erring on the side of caution might choose to apply encryption and a host of controls to all their data, but this too has drawbacks. 

"POPIA isn’t going to wait, and there are solutions organisations can spin up now to better secure their data and support compliance. There are tools available to monitor what data is transitioning through to users, intercepting it in real time to identify the sensitivity and nature of the data, and who is opening the data via what device and network environment,” he says. “This allows organisations to be proactive, rather than reactive, in protecting sensitive and personal information.”

Matthews notes that not all data leaks are due to outsiders or deliberate theft. “It is relatively common for employees with access to sneak a look at the company salary and bonus records, for example. In the healthcare sector, employees have been caught looking at the records of people they know, or celebrities in hospital. Or an employee might accidentally email a sensitive file to the wrong person when an email address bar auto-populates. In the case of POPIA, the organisation can still be held liable for employee curiosity and mistakes.”

Webinar on 10 November at 10:00 (GMT+2)
7 Best Practices to Protect Personal Data

Matthews will outline challenges and strategies for protecting sensitive data and ensuring compliance at a webinar hosted by archTIS Limited, global provider of solutions to protect the most sensitive information, on 10 November. 

The event will highlight the ways in which data breaches can occur, and elaborate on Seven Best Practices to Protect Personal Data' and Support POPI Act Compliance. 

For more information and to register for this event, go to https://www.itweb.co.za/webinar/popi-act-compliance/