classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn

Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2017

Legal protection for data?
November 2017, Security Services & Risk Management

The ‘masterdeeds’ data breach of over 30 million people’s personal records has been cited as South Africa’s worst-ever data breach. The sensitive information in question, including names, addresses, ID numbers, genders, ethnicities and email addresses of people both living and deceased, was extracted from one of South Africa’s top real estate companies, Jigsaw Holdings. In light of this catastrophic data leak, what guarantee do you have that your personal information ­– and that of your clients – is safe?

Ross Saunders, the director of global technology services at Cura Software Solutions, believes that the data should not have been where it was to begin with, and beyond that, the source website did not have best practices in place to keep any data safe. “Their first mistake was to store an extract of their database on a publicly accessible website. The fact that there were insufficient security measures in place and absolutely no data encryption was a recipe for disaster.”

According to Saunders, the solution is on its way in the form of the General Data Protection Legislation (GDPR) for Europe and the Protection of Personal Information Act (POPIA) for South Africa.

From a South African perspective, POPIA sets the conditions for when it is lawful for someone to process someone else’s personal information. The legislation, centred around integrity and confidentiality, is applied to any natural or juristic person who processes personal information, including large corporates and government.

Similarly, the GDPR is one of the most important changes in data privacy regulation in 20 years and aims to protect all EU citizens from data breaches in an increasingly data-driven world. The GDPR replaces the Data Protection Directive and will be enforced as of 25 May 2018. It could be reasonably expected that the GDPR will become the ‘gold standard’ for data privacy regulation globally.

Data protection laws set principles that controllers must comply with, which include the following:

Lawfulness, fairness and transparency

This means that the processing of information must be lawful and not excessive. Processing should be for a defined purpose, and there should be openness as to any processing activities. The principles and conditions of the law must be followed. In an essential step towards data transparency and consumer empowerment, the new legislation stipulates that the data subjects may obtain confirmation as to whether or not their personal data is being processed, where and for what purpose.

Purpose limitation

The processing of the information must be for a defined purpose and limited from further processing without consent thereafter.

Data minimisation

Only necessary data should be kept in order for processing to take place. Organisations should be cognisant of the fact that they should not be keeping excessive data that is unused for their purpose.


The data itself should be accurate, and should allow for data subject participation in making sure it is up to date.

Storage limitation

Once data processing has completed, the data should be removed. It should not be kept for longer than is necessary to perform the data processing activities.

Integrity and confidentiality

Data, wherever it may be stored, must be stored responsibly and with the correct safeguards in place to ensure its security. It is the obligation of the organisation to prevent loss, damage or unlawful access to the data via appropriate security measures. This information must be treated as confidential. In the instance of a security breach, both the regulator and the data subject should be notified of such. Data protection laws also create obligations for controllers, which include:

• Technological and organisational measures that must be implemented to lawfully process data,

• Controlling of processors through contracts,

• Keeping records of processing activities, and

• Co-operating with authorities, and securing personal data.

In conclusion, Saunders says, “Both the GDPR and POPIA are taking extensive measures to protect and empower all citizen’s data privacy and will substantially change the landscape of data breach risks for organisations globally. Along with our other compliance solutions, Cura offers a data privacy solution specifically geared for GDPR and POPIA readiness and management with the assistance of Michalsons attorneys.”

  Share via Twitter   Share via LinkedIn      

Further reading:

  • Awareness and trust in context
    November 2017, CA Southern Africa, Access Control & Identity Management, Security Services & Risk Management
    Markus Krauss, senior director, Digital Identity and Security, CA Technologies, spoke to Hi-Tech Security Solutions about making identity work for people and things.
  • The access edge
    November 2017, Johnson Controls, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions, Security Services & Risk Management
    With the common denominator of IP networks as their backbone, building automation, security and, in particular, access control systems are increasingly providing opportunities to both security integrators and building managers.
  • Key management in 2018
    November 2017, Zonke Monitoring Systems, Access Control & Identity Management, Security Services & Risk Management
    With all the technology available today, you would think we were past using old-fashioned keys for security, but far from it.
  • Why own when you can rent?
    November 2017, EOH Security & Building Technologies, Access Control & Identity Management, Security Services & Risk Management
    In a rapid changing environment, business is moving away from owning security equipment to a model of serviced rentals.
  • Minimising maintenance
    November 2017, Naxian Systems, Security Services & Risk Management
    ANNIE (Artificial Neural Network Inside Everything) applies learning to proactively minimise maintenance.
  • Open source intelligence
    November 2017, Security Services & Risk Management
    OSINT has been traditionally used, in conjunction with other forms of information, to support a wide variety of both covert and overt due diligence, security, consumer and commercial intelligence related investigations.
  • 24/7 acquires SMC
    November 2017, 247 Security Group, News, Security Services & Risk Management
    24/7 Security Services has acquired Security Management Consultants (SMC) and formed a new division focusing on estates and schools, which SMC’s Brian Sharkey will head.
  • Protect your personal information
    November 2017, This Week's Editor's Pick, News, Security Services & Risk Management
    SABRIC encourages consumers to protect their personal information by sharing it very selectively and on a need to know basis only.
  • Disaster recovery as a service?
    November 2017, Commvault, This Week's Editor's Pick, Security Services & Risk Management
    Johan Scheepers looks at the implications of the emergence as well as the benefits of disaster recovery as a service (DRaaS).
  • SA manufacturing companies take note
    November 2017, Dimension Data, Cyber Security, Security Services & Risk Management
    South Africa’s manufacturing sector is under growing threat of cyber attack, says Sean Duffy, executive of security solutions for MEA at Dimension Data.
  • Availability in the age of security risk
    November 2017, This Week's Editor's Pick, Security Services & Risk Management
    Enterprises are spending millions on disaster recovery (DR) and business continuity (BC) strategies but they do not invoke them nearly enough for the investment to be measured.
  • Planning for the unexpected
    November 2017, ContinuitySA, Security Services & Risk Management
    SA organisations must factor natural disaster into business continuity planning.

Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Terms & conditions of use, including privacy policy
PAIA Manual
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.