Data is now so valuable that it’s considered the ‘new oil’. Meaning that the laws governing privacy and data protection are not only relevant but crucial to protecting clients and ultimately your organisation’s success.
The policy applies to the government, its service providers, and private entities processing government data.
Policy interventions are actions the government is currently implementing, while proposals are suggestions for future actions.
The National Institute of Standards and Technology (NIST) defines cloud computing as "a model for enabling ubiquitous, convenient, and on-demand network access to a shared pool of configurable resources (e.g., networks, servers, storage, applications, and services) that can be rapidly [...]
Now, there is a question. It depends on the organisation, but often, it is someone in legal or compliance. But no formal qualifications are required by law. It is essential that the person you select as your information officer (IO) [...]
Responsible parties should register their information officer online (encouraged) as soon as possible. Failing to register your information officer is not a criminal offence, but there can be severe consequences. If you struggle to register on the portal, we [...]
Information security is a more comprehensive approach to safeguarding all types of information. Data protection really focuses on personal data or sensitive data.
POPIA aims to protect the privacy and security of personal information processed by public and private bodies. It sets out conditions for the lawful collection, use, storage, and destruction of personal information. PAIA aims to give effect to the constitutional [...]
The Information Regulator (IR) does communicate with other regulators but because each regulator has its own mandates, the IR is confined to the parameters of POPI and PAIA and anything that falls outside the four corners of these Acts will [...]
The initial difficulty that South Africa is facing is that it does not have a cybercrimes commission. At present, the Information Regulator works closely with the police and the Hawks but uses its own processes separate to those used by [...]
The Information Regulator will have a similar role with the Cybersecurity Act as it does now when receiving data breach notifications. A data breach is usually occurring at the same time as when a cybercrime is happening. The difficulty with [...]
The Information Regulator plans to clarify its updates on prior authorisation such as making application forms easier to use, in an upcoming guidance note. When dealing with personal information, remember to consider it in a holistic point of view. There [...]
The Information Regulator (IR) has discretion in when to assess organisations' data processing practices under both POPIA and PAIA. They follow prescribed procedures and inform applicants about the scope and reasons for the assessment. For POPIA assessments, factors considered include [...]
