Do you comply with Information Security Laws when you secure information?

Consider this example for a moment:

You safeguard your organisation’s property (vehicles, computers, LCD screens, the office kitchen’s appliances, etc.) by appointing security personnel, installing CCTV cameras and putting up electric fencing around the building. Your reason is that this property has value. Losing it and having to replace it will affect your organisation’s bottom line. But, what about the contents of electronic files, removable USB drives, hard drives, serves, cloud accounts, or any other place where you store your organisation’s information? Have you truly considered what losses your organisation may suffer if an intruder should access that information? Sure, you may have secured in a technical manner – but have you secured it from the human element within your organisation? Is the information in those different places valuable to your organisation?

Apart from the purely financial losses you may suffer, there are also the legal consequences of information security laws such as:

  • umbrella data protection laws – the GDPR in the EU, for example, DPA in the UK, and even POPIA in South Africa; and
  • industry specific information security laws – such as those in the healthcare, financial services, and education sectors.

There are also information security standards (such as ISO/IEC 27001:2005, COBIT 5, and ITIL), and obligations – in terms of Non-Disclosure Agreements, for example – where you must secure information and keep it confidential, irrespective of whether that information is personal information or not.

Which of these obligations is your organisation subject to? Have you taken steps to assess the value of your information, and to guard against the risks of not complying with information security laws?

Actions you can take

Interested?

If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.