Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Legal protection for data?

1 November 2017 Security Services & Risk Management

The ‘masterdeeds’ data breach of over 30 million people’s personal records has been cited as South Africa’s worst-ever data breach. The sensitive information in question, including names, addresses, ID numbers, genders, ethnicities and email addresses of people both living and deceased, was extracted from one of South Africa’s top real estate companies, Jigsaw Holdings. In light of this catastrophic data leak, what guarantee do you have that your personal information ­– and that of your clients – is safe?

Ross Saunders, the director of global technology services at Cura Software Solutions, believes that the data should not have been where it was to begin with, and beyond that, the source website did not have best practices in place to keep any data safe. “Their first mistake was to store an extract of their database on a publicly accessible website. The fact that there were insufficient security measures in place and absolutely no data encryption was a recipe for disaster.”

According to Saunders, the solution is on its way in the form of the General Data Protection Legislation (GDPR) for Europe and the Protection of Personal Information Act (POPIA) for South Africa.

From a South African perspective, POPIA sets the conditions for when it is lawful for someone to process someone else’s personal information. The legislation, centred around integrity and confidentiality, is applied to any natural or juristic person who processes personal information, including large corporates and government.

Similarly, the GDPR is one of the most important changes in data privacy regulation in 20 years and aims to protect all EU citizens from data breaches in an increasingly data-driven world. The GDPR replaces the Data Protection Directive and will be enforced as of 25 May 2018. It could be reasonably expected that the GDPR will become the ‘gold standard’ for data privacy regulation globally.

Data protection laws set principles that controllers must comply with, which include the following:

Lawfulness, fairness and transparency

This means that the processing of information must be lawful and not excessive. Processing should be for a defined purpose, and there should be openness as to any processing activities. The principles and conditions of the law must be followed. In an essential step towards data transparency and consumer empowerment, the new legislation stipulates that the data subjects may obtain confirmation as to whether or not their personal data is being processed, where and for what purpose.

Purpose limitation

The processing of the information must be for a defined purpose and limited from further processing without consent thereafter.

Data minimisation

Only necessary data should be kept in order for processing to take place. Organisations should be cognisant of the fact that they should not be keeping excessive data that is unused for their purpose.

Accuracy

The data itself should be accurate, and should allow for data subject participation in making sure it is up to date.

Storage limitation

Once data processing has completed, the data should be removed. It should not be kept for longer than is necessary to perform the data processing activities.

Integrity and confidentiality

Data, wherever it may be stored, must be stored responsibly and with the correct safeguards in place to ensure its security. It is the obligation of the organisation to prevent loss, damage or unlawful access to the data via appropriate security measures. This information must be treated as confidential. In the instance of a security breach, both the regulator and the data subject should be notified of such. Data protection laws also create obligations for controllers, which include:

• Technological and organisational measures that must be implemented to lawfully process data,

• Controlling of processors through contracts,

• Keeping records of processing activities, and

• Co-operating with authorities, and securing personal data.

In conclusion, Saunders says, “Both the GDPR and POPIA are taking extensive measures to protect and empower all citizen’s data privacy and will substantially change the landscape of data breach risks for organisations globally. Along with our other compliance solutions, Cura offers a data privacy solution specifically geared for GDPR and POPIA readiness and management with the assistance of Michalsons attorneys.”





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

SABRIC Annual Crime Statistics 2024
News & Events Security Services & Risk Management Residential Estate (Industry)
SABRIC has released its Annual Crime Statistics for 2024, reflecting a significant decline in financial crime losses, but also warning of the growing threat posed by artificial intelligence (AI) in fraud schemes.

Read more...
SA’s private security industry receives multi-million USD investment
News & Events Security Services & Risk Management
South Africa's private security sector has attracted significant international attention, with the world’s largest tactical flashlight manufacturer, Nextorch, announcing a major investment in its local operations, Nextorch Africa.

Read more...
Vetting people in security estates
iFacts Security Services & Risk Management Residential Estate (Industry)
In today’s security-conscious South Africa, estate management’s responsibility extends beyond gates and patrols; it involves ensuring that every resident, staff member, and service provider upholds the community’s safety standards.

Read more...
View from the trenches
Technews Publishing SMART Security Solutions Editor's Choice Integrated Solutions Security Services & Risk Management Residential Estate (Industry)
There are many great options available to estates for effectively managing their security and operations, but those in the trenches are often limited by body corporate/HOA budget restrictions and misunderstandings.

Read more...
IVA AI Pro Visual Gun Detection
Products & Solutions Surveillance Security Services & Risk Management Residential Estate (Industry)
Bosch has announced the launch of the IVA AI Pro Visual Gun Detection analytics based on deep learning. It is designed for automatic detection and classification of people and brandished firearms.

Read more...
IP-based horn loudspeakers
Products & Solutions Surveillance Security Services & Risk Management Residential Estate (Industry)
Bosch has announced the launch of its new IP-based horn loudspeakers and amplifier module: the high-output LHN-UC15L-SIP horn (for long-throw applications), the compact LHN-UC15W-SIP horn (for wide-angle coverage) and the AMN-P15-SIP amplifier module.

Read more...
SMART Estate Security Conference KZN 2025
Arteco Global Africa OneSpace Technologies SMART Security Solutions Technews Publishing Editor's Choice Integrated Solutions Security Services & Risk Management Residential Estate (Industry)
May 2025 saw the SMART Security Solutions team heading off to Durban for our annual Estate Security Conference, once again hosted at the Mount Edgecombe Country Club.

Read more...
ProtecLink 2025 spotlights industry tensions and transformation
Magtouch Electronics t/a Ithegi Electronics Security Services & Risk Management News & Events
ProtecLink 2025, created and hosted by Ithegi Electronics, brought together key stakeholders from the security, finance, and innovation sectors under the theme "Connecting Security, Finance, and Innovation: Inspiring Transformation in the Industry."

Read more...
SSG Holdings acquired by Fidelity Services Group
News & Events Security Services & Risk Management
Fidelity Services Group has successfully acquired a majority shareholding in SSG Holdings. The acquisition builds on Fidelity’s track record of strategic expansion, including previous high-profile acquisitions.

Read more...
The role of drones in farm protection
Agriculture (Industry) Security Services & Risk Management
Laurence Palmer reminds us of the role drones play in agricultural security and offers a free security risk assessment template for downloading (link at the end of the article).

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.