Over 30 million people’s personal records have been stolen. The ‘masterdeeds’ data breach is South Africa’s biggest ever. Troy Hunt, the web security expert who dealt with this breach, said that it listed “almost every living person” in South Africa. This happened due to incompetence by the owner of the server. Regulatory penalties should apply to loss of data; however, this doesn’t help those whose data is already out there. A great deal of sensitive information has been exposed, leaving people vulnerable to fraud, identity theft and other criminal activity.
The General Data Protection Legislation (GDPR) for Europe, and the Protection of Personal Information Act (POPIA) for South Africa, appear to be the key to securing personal information. POPIA has set out rules for processing someone else’s information. They include:
Lawfulness, fairness and transparency
- Information should be processed lawfully and not excessively. There should be openness about any processing activities. For transparency, data subjects may obtain confirmation that their personal information is being used, as well as where and why.
- Processing of information should be for a defined purpose only and no further processing should be done without consent.
- Organisations should not keep unused data.
- All data should be accurate and up to date.
- Once data is used, it should be removed and not kept longer than necessary.
Integrity and confidentiality
- Correct safeguards should be in place to ensure the security of data. Organisations should prevent loss, damage or the unlawful accessing of data. All information is to be treated as confidential.
For further control, there are steps to be taken before an organisation can process data. Contracts and keeping records of processing activities ensure safe use of data. There should be complete cooperation with authorities to secure all personal data. GDPR and POPIA are working towards the protection of all citizens’ data privacy.
Courtesy of Skyways article page 46 | January, 2018