Legal updates and opinions
News / News
When the walls fall in
Ring-a-round the rosie, A pocket full of posies, Ashes! Ashes! We all fall down
The Information Regulator has officially made her presence known. The Enforcement Committee has been established and we have noted various announcements from the Office of the Information Regulator as to current actions underway.
But what does this mean to each and every company? What does this mean to comply with POPIA[1] and how does this impact compliance initiatives? In short, what tasks can employees perform, with absolutely no ill intent, that can still bring the wall falling down?
Can’t make head or tail of POPIA? Lessons from Sheburi V Rail Safety Regulator – Read more here
Employees are expected to remember and adhere to numerous policies, including privacy policies. Poster campaigns are rolled out to reinforce positive behaviour and still when we consider data breaches it is often unbelievable how the mistake that resulted in the breach could have possibly occurred. The reality is that many data breaches occur when employees believe they are doing the right thing.
The top 5 employee privacy risk potholes to avoid.
-
Employees DO NOT be too helpful!
Employees want to do the right thing to keep customers, suppliers, internal and external clients happy. However, being overly helpful may result in an employee providing unnecessary information to complete a task, which increases the risk of a data breach. For example, a well-intended employee may provide more personal information than required. If that information is provided to unauthorised individuals, it would result in a data breach which would be required to be notified to the Information Regulator.
-
Security rules are not followed!
When employees are in a rush and under work pressure, it happens that information, personal information and confidential information could be sent out without applying password protection or using proper encryption. This problem occurs when the security processes and technology is too difficult and time consuming to use, or alternatively the employee has not been trained and cannot use the technology solutions properly.
-
Sending files to the incorrect recipient!
This is in fact the most common and difficult issue to tackle at a company. Many email applications automatically store past email addresses. However, this can increase the chances of a mistake as employees may use the incorrect auto-filled email address and fail to double-check the recipient’s name. It is only after the email is sent, or when the recipient notifies the sender of the incorrect transmission that the error is discovered.
-
The risk of multi-tasking
We are all busy with more than one computer monitor and have a number of computer applications open at a time. When personal information is entered into the wrong system and disclosed this results in a data breach!
-
They collect what they DO NOT need!
Only asking for the bare minimum relevant information required is key and employees must consider this carefully. The less personal information a company has and employees have access to, the less the risk of a data breach. Logically the converse applies.
A lack of robust business processes and employee POPIA training cannot be underestimated.
Thinking before you do, must be the rule when it comes to employees and privacy. Let the house stand firm!
Footnotes
[1] The Protection of Personal Information Act, No. 4 of 2013
Latest News
Employment Equity Amendment Act Commencement – Important news for employers employing more than 50 employees
The President of the Republic of South Africa has recently proclaimed that the Employment Equity Amendment Act No.4 of 2022 [...]
Shell shock: reversal of landmark Dutch ruling holds lessons for South African climate change litigation
- Reviewer and Slade van Rooyen - Candidate Attorney The 2021 decision of a Dutch district court in Milieudefensie v [...]
A step closer to establishing the National Council on gender-based violence and femicide
After the President assented to the National Council on Gender-Based Violence and Femicide Act No. 9 of 2024 ("Act") in [...]
The Climate Change Act has a crucial role to play in the fight against the climate crisis in South Africa
and Mmatshepo Papo - Candidate Attorney Frequent and intense weather events and devastating effects of climate change are being experienced [...]
Stretching Boundaries: Can a Trade Union Represent Employees Who Fall Outside of its Registered Scope in Employment Disputes?
and Yendiswa Sithole - Candidate Attorney The Constitutional Court ("the CC") in AFGRI Animal Feeds (A Division of PhilAfrica Foods [...]
Working From Home: Can Employers Withhold Pay Over Office Attendance?
and Hanán Jeppie - Candidate Attorney ISSUE In National Union of Public Service and Allied Workers obo Cesiko / South [...]