Best practice tips for strengthening data privacy system

Issue 6 2023 Security Services & Risk Management, Information Security


Kgotso Masenya.

South Africa has become a fertile hunting ground for international cybercriminals. Research by security company Kaspersky, indicates that more than half of South African companies were targeted in the past year, while spyware attacks increased by 18,8% between the last quarter of 2022 and the first quarter of 2023. In respect of the latter, it is mostly government systems that are under siege.

Phishing, business e-mail ‘spoofing’, and malware attacks are among the most common cybercrimes, though Internet of Things vulnerabilities are increasingly being exploited as well. Unsecured smart devices often do not have adequate protective controls in place to detect, isolate and mitigate these cyber onslaughts.

According to Kgotso Masenya, Head of Information Technology at World Wide Industrial and Systems Engineers (WWISE), it has become crucial for organisations to build secure data privacy systems able to mitigate any possible attack.

Masenya has compiled a checklist of requirements for such systems. This includes:

• Compliance with regulations: The company should comply with any applicable data privacy laws, such as PoPIA in South Africa.

• Data inventory and classification: A company’s data should be broken down into categories based on significance and sensitivity.

• Access control: Access restrictions need to be put in place to guarantee that only people with permission may access sensitive information.

• Encryption: Encryption safeguards data both at rest and while it is being sent

• Data lifespan management: A plan for managing data throughout its lifespan, including rules for data destruction and retention.

• Secure data storage: Use of compliant and secure data storage options for data to protect against known vulnerabilities.

• Data masking and anonymization: Anonymise or pseudonymize sensitive data wherever it is practical.

• Data transfer security: Secure data transmissions are made possible by employing encryption protocols like SSL/TLS. Secure communication routes should be used, especially when sharing data with other parties.

• Audit trails and monitoring: Implement reliable auditing and monitoring mechanisms to keep track of data access and modifications.

• Incident response plan: Develop a thorough incident response strategy to deal with data breaches or privacy problems right away.

• Regular security audits and penetration testing: Periodic security audits and penetration testing.

“A further course of action,” Masenya says, “is the implementation of ISO/IEC 27001:2022, a standard developed by the International Organisation for Standardisation (ISO).” The tool speaks directly to information security, cybersecurity and privacy in terms of information security management systems.

“This standard gives an organisation the ability to implement a framework of controls that ensures there are sufficient redundancies and guidelines to conform to a school of international guidelines/standards that embodies governance, statutory and regulatory requirements, and cyber and information security,” Masenya says.

Enlisting the services of the right ISO specialist is just as important as the implementation itself, and companies should always look at aspects like reputation and experience, competence, conformance to industry standards and laws, proof of concept and the quality of gap analysis reports.

“Once implemented, the key people in managing the data privacy system are usually your chief information security officer, data protection officer, chief information officer, IT department and data owners and custodians,” Masenya says.

“What you want from them is to explain the importance of privacy and data management obligations and emphasise how crucial it is to follow data protection rules. They should also provide guidance on impact analyses and act as a point of contact for data subjects.”

“In addition, staffers in these positions should be responsible for implementing access restrictions, encryption and other strong security measures,” he adds.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Continuous security optimisation.
News & Events Information Security
Cymulate has announced its partnership with SentinelOne, a threat exposure validation and AI-powered cybersecurity platform. The collaboration delivers self-healing endpoint security that empowers businesses to increase protection for every endpoint on their network.

Read more...
Protect your smart home devices
Kaspersky IoT & Automation Information Security Smart Home Automation
Voice assistants, kitchen robots, smart lights and many other intelligent devices have become part of our everyday life. However, with the rise of smart technology comes the need for robust protection against potential vulnerabilities.

Read more...
ISPA’s take-down process protects from local scams
News & Events Information Security
During the recent school holidays, parents could rest a little easier knowing that ISPA, SA’s official internet industry representative body, is removing an average of three to four problematic websites from the local internet every week.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Risk management and compliance enforcement
Security Services & Risk Management
Having a risk management and compliance programme (RMCP) is not just a procedural formality; it is a legal requirement under Section 42 of the Financial Intelligence Centre Act (FICA).

Read more...
The dangers of poor-quality solar cables
Security Services & Risk Management Smart Home Automation
Reports indicate that one in six fires attended by South African firefighters is linked to substandard solar installations, often due to faulty wiring or incompatible components.

Read more...
Growing risks for employers
Security Services & Risk Management
With South Africa’s unemployment rate exceeding 32% and expected to rise beyond 33% this year, desperation is fuelling deception in the job market. Trust is no longer a given, it is a gamble.

Read more...
Chubbsafes celebrates 190 years
Gunnebo Safe Storage Africa News & Events Security Services & Risk Management
Chubbsafes marks its 190th anniversary in 2025 and as a highlight of the anniversary celebrations it is launching the Chubbsafes 1835, a limited edition 190th-anniversary collector’s safe.

Read more...
New law enforcement request portal
News & Events Security Services & Risk Management
inDrive launches law enforcement request portal in South Africa to support safety investigations. New portal allows authorised South African law enforcement officials to securely request user data related to safety incidents.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.