The compliance framework for the 7th POPIA condition in the SME ICT sector.
Loading...
Date
2021
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Data privacy legislation has gained momentum throughout the world and affects users of electronic communication devices in both the private and public sectors. Organisations must adopt data privacy regulations to safeguard data belonging to parties who transact using electronic devices. Furthermore, they need to invest in an organised data privacy solution, such as an information security management system.
POPIA, refers to the Protection of Private Information Act, which is the data privacy legislation in South Africa. The POPIA is a legal document consisting of eight conditions, and the 7th condition in the POPIA speaks directly to information security management systems. The aim of the data privacy legislation is for the government and legislature to give data owners control over their data, which is stored in third-party organisations. The third-party organisations, which store and process the data, must follow strict and mandatory protocols with the aim of protecting the data of a data subject, and using it with the consent of the data subject.
The overall aim of this study is to produce a framework that will assist small and medium enterprises (SME) with complying with the POPIA. Furthermore, it seeks to understand the work done by SMEs in implementing information security by looking at what they do to align with data privacy; to implement data privacy; the resources used for compliance; security threats affecting SMEs; and resources made available for compliance. In the same light, the study looks at existing international data privacy rules and regulations and examines their relationship with the POPIA.
The findings of the study indicate that organisations needed a frame of reference to assist them with implementing the 7th condition of the POPIA. In addition to this, the governments assistance is required by organisations as they implement the POPIA. Moreover, organisations seem to have a fairly knowledgeable structure internally which is resourced and supported by senior management with implementing the POPIA. However, they require external support and validation from government as they are not sure of their efforts align to what the 7th POPIA condition requires. Lastly, the frame of reference is developed by adapting best practice and frameworks which deal specifically to issues indicated in the POPIA 7th condition, and recommendations made by the participants in the study.
Description
Masters Degree. University of KwaZulu-Natal, Durban.