Legal updates and opinions
News / News
When the walls fall in
Ring-a-round the rosie, A pocket full of posies, Ashes! Ashes! We all fall down
The Information Regulator has officially made her presence known. The Enforcement Committee has been established and we have noted various announcements from the Office of the Information Regulator as to current actions underway.
But what does this mean to each and every company? What does this mean to comply with POPIA[1] and how does this impact compliance initiatives? In short, what tasks can employees perform, with absolutely no ill intent, that can still bring the wall falling down?
Can’t make head or tail of POPIA? Lessons from Sheburi V Rail Safety Regulator – Read more here
Employees are expected to remember and adhere to numerous policies, including privacy policies. Poster campaigns are rolled out to reinforce positive behaviour and still when we consider data breaches it is often unbelievable how the mistake that resulted in the breach could have possibly occurred. The reality is that many data breaches occur when employees believe they are doing the right thing.
The top 5 employee privacy risk potholes to avoid.
-
Employees DO NOT be too helpful!
Employees want to do the right thing to keep customers, suppliers, internal and external clients happy. However, being overly helpful may result in an employee providing unnecessary information to complete a task, which increases the risk of a data breach. For example, a well-intended employee may provide more personal information than required. If that information is provided to unauthorised individuals, it would result in a data breach which would be required to be notified to the Information Regulator.
-
Security rules are not followed!
When employees are in a rush and under work pressure, it happens that information, personal information and confidential information could be sent out without applying password protection or using proper encryption. This problem occurs when the security processes and technology is too difficult and time consuming to use, or alternatively the employee has not been trained and cannot use the technology solutions properly.
-
Sending files to the incorrect recipient!
This is in fact the most common and difficult issue to tackle at a company. Many email applications automatically store past email addresses. However, this can increase the chances of a mistake as employees may use the incorrect auto-filled email address and fail to double-check the recipient’s name. It is only after the email is sent, or when the recipient notifies the sender of the incorrect transmission that the error is discovered.
-
The risk of multi-tasking
We are all busy with more than one computer monitor and have a number of computer applications open at a time. When personal information is entered into the wrong system and disclosed this results in a data breach!
-
They collect what they DO NOT need!
Only asking for the bare minimum relevant information required is key and employees must consider this carefully. The less personal information a company has and employees have access to, the less the risk of a data breach. Logically the converse applies.
A lack of robust business processes and employee POPIA training cannot be underestimated.
Thinking before you do, must be the rule when it comes to employees and privacy. Let the house stand firm!
Footnotes
[1] The Protection of Personal Information Act, No. 4 of 2013
Latest News
Tainted treats, spoiled foods and potential dangers…are there any legal safeguards for consumers?
In recent weeks gone by, there have been numerous food poisoning cases reported[1] resulting in serious health issues and, in [...]
It is not only diamonds that are forever – a snapshot of forever and hazardous chemicals
A recent study conducted by the Manchester Metropolitan University revealed that the processes intended to decontaminate noxious liquid landfill waste [...]
Going nowhere fast, proposed amendments to the direct marketing regulations under the CPA published, and your comments are sought!
On October 28, 2024, the Department of Trade, Industry and Competition (dtic) published draft amendments to the regulations under the [...]
The Collection of Premiums on Behalf of Insurers – A Look at the Impact of The Exemption of Juristic Representatives from Section 13(1)(C) of FAIS
and Khanyisa Tshoba, Candidate Attorney Introduction: In practice the need may arise for an insurer to appoint a third party [...]
The effects of the CPA Amendment Act, 2017
and Elia Chitata - Candidate Attorney With the introduction of the Restitution of Land Rights Act 22 of 1994, which [...]
Section 22 – A Springboard into Business Rescue
and Caitlin Steytler – Candidate Attorney In August 2024, Statistics South Africa revealed that 1020 entities filed for liquidation in [...]