Preparing your data for PoPI

1 October 2019 IT infrastructure, Security Services & Risk Management

Now is the time for companies to ensure their data is compliant with the Protection of Personal Information (PoPI) Act. Although South African businesses have been slow on the uptake when preparing for PoPI, intelligent data management can greatly simplify this mammoth task. Wavering is no longer an option and, despite the lengthy process to publish the final regulations, the next step is to establish a deadline. Thereafter, organisations will have a grace period of only one year to comply and avoid heavy fines of up to 10 million rand and other dire consequences such as imprisonment (https://www.popiact-compliance.co.za/popia-information/16-offences-penalties-and-administrative-fines).

The first step - data encryption

When it comes to protecting any information, the way data is secured across the value chain needs to be addressed first and foremost. Encryption is the gold standard for ensuring adequate protection, and while many businesses currently encrypt their data at the storage layer, this is simply no longer enough. A data breach may occur at any point, including internally and while data is in transit. Organisations will be in breach of PoPI if they cannot prove this data is protected.

The General Data Protection Regulation (GDPR) is the European equivalent of PoPI and must be adhered to by all South African companies that do business with companies based in the European Union (EU). However, GDPR enforces standards similar to, if not stricter than, those of PoPI. For example, GDPR states that if data is encrypted, compliance is still maintained in the event of a breach and data theft, and this is not necessarily mentioned in the PoPI Act. Moreover, data must also be encrypted at rest and in transit. As a result, data needs to be encrypted end-to-end, from the storage layer right through the database to the application layer, to ensure GDPR compliance, and this will, in turn, guarantee PoPI compliance.

The implications of encryption on storage costs

The challenge of end-to-end encryption with data residing on certain storage media is that it can result in storage costs spiralling out of control. This is due to the fact that many of these solutions rely on data reduction such as deduplication and compression to keep storage costs down. However, these techniques cannot be used on encrypted data.
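The effect described above can be measured directly. The following is an added example, not code from the article or from any vendor: it compares compression and fixed-block deduplication ratios for the same data stored in plaintext and encrypted before it reaches storage. The sample records, the 4 KiB block size and the SHAKE-256 stand-in cipher are assumptions chosen so the script runs on the Python standard library alone.

```python
import hashlib
import os
import zlib

BLOCK = 4096  # fixed dedup block size in bytes (assumption)

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Stand-in stream cipher (SHAKE-256 keystream XOR) with a fresh nonce per
    # object; a real deployment would use an authenticated cipher such as AES-GCM.
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    mixed = int.from_bytes(plaintext, "big") ^ int.from_bytes(stream, "big")
    return nonce + mixed.to_bytes(len(plaintext), "big")

def compression_ratio(data: bytes) -> float:
    return len(data) / len(zlib.compress(data, 6))

def dedup_ratio(data: bytes) -> float:
    # Logical blocks divided by unique blocks, as a block-level dedup engine sees it.
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return len(blocks) / len({hashlib.sha256(b).digest() for b in blocks})

def build_copies(copies: int = 8) -> list:
    # Constructed sample: one customer table stored as eight identical copies.
    rows = "".join(f"{i:06d},Customer {i},Johannesburg,ZA,active\n" for i in range(2000))
    table = rows.encode()
    table += b"\0" * (-len(table) % BLOCK)  # pad to a whole number of blocks
    return [table] * copies

def measure() -> dict:
    key = os.urandom(32)
    copies = build_copies()
    plain = b"".join(copies)
    cipher = b"".join(encrypt(key, c) for c in copies)  # encrypted before storage
    return {
        "plain_compress": compression_ratio(plain),
        "plain_dedup": dedup_ratio(plain),
        "cipher_compress": compression_ratio(cipher),
        "cipher_dedup": dedup_ratio(cipher),
    }

if __name__ == "__main__":
    for name, value in measure().items():
        print(f"{name:16s} {value:5.2f}x")
```

Because each copy is encrypted under a fresh nonce, identical plaintext produces unrelated ciphertext, so the storage layer finds no repeated blocks and no compressible patterns.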

Encrypted data can result in data storage becoming between three and five times more expensive, which can have a significant impact on any business's total cost of ownership (TCO). In addition, it can negatively affect storage performance, with a knock-on effect on the performance of the business as a whole. It is essential to implement an intelligent storage solution that will prevent this increase in cost and decrease in performance as the amount of encrypted data grows.

An intelligent solution, an intelligent choice

Storage must address three key areas, namely capacity, cost and performance. The typical way of addressing performance challenges is to utilise all-flash arrays (AFAs). However, this is very expensive and therefore achieving high capacity is costly, especially when end-to-end encryption is required, since data reduction does not work here.

Conversely, intelligent software-based solutions can address all three of these areas, using commodity hardware to control cost and increase capacity while delivering high performance. This enables end-to-end encryption to be implemented cost-effectively for optimum data protection and compliance. So, is an intelligent software storage solution the answer to PoPI compliance?


Hayden Sadler

The long and short of it

If data is encrypted end-to-end, PoPI (and GDPR) compliance is maintained, even in the event of a data breach. This means you will not be fined, your reputation will remain intact, and any negative impact resulting from a breach can be mitigated and contained. A proper encryption strategy and an intelligent software-based solution eliminate the risk of sensitive data being compromised as well as the risk of a PoPI-related penalty. If you are not prepared for PoPI, the time to start is now, or face the repercussions of non-compliance that could cripple your business.

For more information, contact INFINIDAT, Sapna Capoor, scapoor@infinidat.com



