classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn

Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2017

Legal protection for data?
November 2017, Security Services & Risk Management

The ‘masterdeeds’ data breach of over 30 million people’s personal records has been cited as South Africa’s worst-ever data breach. The sensitive information in question, including names, addresses, ID numbers, genders, ethnicities and email addresses of people both living and deceased, was extracted from one of South Africa’s top real estate companies, Jigsaw Holdings. In light of this catastrophic data leak, what guarantee do you have that your personal information ­– and that of your clients – is safe?

Ross Saunders, the director of global technology services at Cura Software Solutions, believes that the data should not have been where it was to begin with, and beyond that, the source website did not have best practices in place to keep any data safe. “Their first mistake was to store an extract of their database on a publicly accessible website. The fact that there were insufficient security measures in place and absolutely no data encryption was a recipe for disaster.”

According to Saunders, the solution is on its way in the form of the General Data Protection Legislation (GDPR) for Europe and the Protection of Personal Information Act (POPIA) for South Africa.

From a South African perspective, POPIA sets the conditions for when it is lawful for someone to process someone else’s personal information. The legislation, centred around integrity and confidentiality, is applied to any natural or juristic person who processes personal information, including large corporates and government.

Similarly, the GDPR is one of the most important changes in data privacy regulation in 20 years and aims to protect all EU citizens from data breaches in an increasingly data-driven world. The GDPR replaces the Data Protection Directive and will be enforced as of 25 May 2018. It could be reasonably expected that the GDPR will become the ‘gold standard’ for data privacy regulation globally.

Data protection laws set principles that controllers must comply with, which include the following:

Lawfulness, fairness and transparency

This means that the processing of information must be lawful and not excessive. Processing should be for a defined purpose, and there should be openness as to any processing activities. The principles and conditions of the law must be followed. In an essential step towards data transparency and consumer empowerment, the new legislation stipulates that the data subjects may obtain confirmation as to whether or not their personal data is being processed, where and for what purpose.

Purpose limitation

The processing of the information must be for a defined purpose and limited from further processing without consent thereafter.

Data minimisation

Only necessary data should be kept in order for processing to take place. Organisations should be cognisant of the fact that they should not be keeping excessive data that is unused for their purpose.


The data itself should be accurate, and should allow for data subject participation in making sure it is up to date.

Storage limitation

Once data processing has completed, the data should be removed. It should not be kept for longer than is necessary to perform the data processing activities.

Integrity and confidentiality

Data, wherever it may be stored, must be stored responsibly and with the correct safeguards in place to ensure its security. It is the obligation of the organisation to prevent loss, damage or unlawful access to the data via appropriate security measures. This information must be treated as confidential. In the instance of a security breach, both the regulator and the data subject should be notified of such. Data protection laws also create obligations for controllers, which include:

• Technological and organisational measures that must be implemented to lawfully process data,

• Controlling of processors through contracts,

• Keeping records of processing activities, and

• Co-operating with authorities, and securing personal data.

In conclusion, Saunders says, “Both the GDPR and POPIA are taking extensive measures to protect and empower all citizen’s data privacy and will substantially change the landscape of data breach risks for organisations globally. Along with our other compliance solutions, Cura offers a data privacy solution specifically geared for GDPR and POPIA readiness and management with the assistance of Michalsons attorneys.”

  Share via Twitter   Share via LinkedIn      

Further reading:

  • Combating the evolving threat of fraud
    May 2018, Technews Publishing, This Week's Editor's Pick, Security Services & Risk Management
    It is impossible to pin an exact number on how much fraud costs the South African economy, but analysis of leading research reports on the subject puts it easily in the billions of Rands per year.
  • Trust, but verify
    May 2018, iFacts, LexisNexis, Managed Integrity Evaluation, This Week's Editor's Pick, Security Services & Risk Management
    Employee screening is not a new discipline, but the options have grown to assist HR in making the right hiring decision.
  • Do more with security
    May 2018, Johnson Controls, This Week's Editor's Pick, Integrated Solutions, Security Services & Risk Management
    Current trends predict that companies do more with their security solutions than just secure their people, assets or data in the near future.
  • Active Track
    Securex 2018 Preview, Active Track, Asset Management, EAS, RFID, Security Services & Risk Management
    Active Track is a workforce management and reduction of payroll specialist. Its products optimise clients’ security services by ensuring that patrols and duties are carried out on time, every time. The ...
  • Martin Electronics
    Securex 2018 Preview, CCTV, Surveillance & Remote Monitoring, Perimeter Security, Alarms & Intruder Detection, Security Services & Risk Management
    Martin Electronics will be showcasing a number of new products and solutions under the Sentry brand at Securex 2018. The company will also have some value-added additions and integrations on display, ...
  • HISSCO International
    Securex 2018 Preview, Hissco, Access Control & Identity Management, Asset Management, EAS, RFID, Security Services & Risk Management
    HISSCO International will be showcasing its range of security X-ray and detection systems at this year’s Securex. The company is currently seeking potential partners, distributors and representatives ...
  • Turnstar
    Securex 2018 Preview, Turnstar Systems, Perimeter Security, Alarms & Intruder Detection, Access Control & Identity Management, Security Services & Risk Management
    Africa’s largest manufacturer of physical access control products, Turnstar, is excited about its return to Securex this year. Craig Sacks, MD of Turnstar, says that the company will use the Securex platform ...
  • Tagtron Solutions
    Securex 2018 Preview, Quality Label Solutions t/a TagTron Solutions, Asset Management, EAS, RFID, Perimeter Security, Alarms & Intruder Detection, Security Services & Risk Management
    Tagtron Solutions will showcase a number of systems and innovations at Securex 2018. As specialists in display security, Tagtron supplies anti-theft products for protecting goods on open display. The ...
  • ZKTeco South Africa
    Securex 2018 Preview, ZKTeco, Access Control & Identity Management, Perimeter Security, Alarms & Intruder Detection, Security Services & Risk Management, Products
    Solutions is what ZKTeco is all about for Securex 2018. ZKTeco South Africa will be offering clients an insight into how its products can be integrated into any platform and provide them with a solution ...
  • TeleEye South Africa
    Securex 2018 Preview, TeleEye (South Africa), CCTV, Surveillance & Remote Monitoring, Perimeter Security, Alarms & Intruder Detection, Security Services & Risk Management
    It is well known that farm attacks and farm murders are increasing at an alarming rate in South Africa. According to Afriforum’s latest stats, 156 commercial farmers are murdered per 100 000 people. There ...
  • Trackforce
    Securex 2018 Preview, Security Services & Risk Management
    Trackforce offers an advanced security services management solution that increases workforce accountability, improves operational productivity and enables better communication between all stakeholders. ...
  • Seagate
    Securex 2018 Preview, Seagate Technology, CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management, Products
    In line with its participation at Securex 2018, Seagate has announced that it will be showcasing the SkyHawk AI, the very first drive created specifically for artificial intelligence (AI)-enabled video ...

Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Terms & conditions of use, including privacy policy
PAIA Manual
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.