PoPI – Protection of Personal Information
What do you need to protect your data?
The Protection of Personal Information Act (or POPI Act) is South Africa’s equivalent to the EU GDPR. The purpose of the POPI Act is to enforce the consequences should a South African institution not behave in a responsible way when they collect, process, store, and share someone else’s personal information. What is someone’s “personal information”?
Companies might collect identity or passport numbers, date of birth and age, phone numbers including cell phone numbers, email addresses, online or instant messaging identifiers, physical address or gender, race, and ethnic origin. These are just a few examples of what kind of data your company might collect, process, and store.
There are eight information protection principles contained in the Bill which are as follows:
- Principle 1: Accountability
- Principle 2: Processing Limitation
- Principle 3: Purpose Specification
- Principle 4: Further Processing Limitation
- Principle 5: Information Quality
- Principle 6: Openness
- Principle 7: Security Safeguards
- Principle 8: Data Subject Participation
IT-Works is particularly interested in Principle 7 – The underlying theme of Principle 7 is that all personal information should be kept secure against the risk of loss, unauthorized access, interference, modification, destruction, or disclosure. We have several key solutions to keep your data secure:
Microsoft O365 – Email – We highly recommend that your email is hosted with a Microsoft O365 Exchange Online account. MS has a range of security features on their mail solution but one aspect to highlight is that you can activate Multi-Factor-Authentication (known as MFA) on your account which safeguards against unauthorized access to your email account or any service with Microsoft
OneDrive/SharePoint – Data Storage – keep all your sensitive and critical data secure with the Microsoft cloud storage solution. As above, this can have MFA enabled to ensure the security of the account access. Share and manage access rights to users in a single place
BeachHeadSecure – A company needs to secure each of the devices in the network, both within your organization and work-from-home (WFH) devices. You need to ensure that devices are encrypted and protected from unlawful access/logon, device loss, or theft. Using the remotely managed BeachheadSecure platform, IT-Works can easily enforce unobtrusive encryption and data security for all company and employee-owned devices in use within your organization, including for a distributed work computing environment (i.e. remote workers and work-from-home). The BeachheadSecure platform allows any organization to manage the security of all devices from one consolidated administration console. BeachheadSecure provides support for native encryption on PCs (EFS, BitLocker, or both), Macs (FileVault), iOS devices, Android devices, and USB flash drives.
Take this quick survery and see if you are on the road to becoming POPI Compliant.
Contact IT-Works now if you have any doubts or concerns about the protection of your data and devices – Making-IT-Simple!
