Take Note IT

Purpose of POPI


The purpose of the Protection of Personal Information Act 4 of 2013 (“POPI”) is not to prohibit the processing of personal information as such. One of its purposes is rather to regulate the processing of personal information, including by prescribing that organisations must implement appropriate safeguards so that the personal information they process is protected and secured.

In essence, this condition requires organisations to secure the integrity and confidentiality of all personal information in their possession or under their control, which is achieved by implementing appropriate and reasonable security measures.

Identification of security risks

The POPI Act places an obligation on businesses to identify security risks on an ongoing basis and to implement measures that reduce the risks identified. Because the Act does not set out how these security measures are to be implemented, businesses must consider applicable industry security practices, such as the ISO 27000 series (published by ISO, the International Organisation for Standardisation, as a set of best practices to help organisations improve their information security), and then implement the security measures appropriate to the business.

Security safeguards

Businesses should assess their information and cybersecurity safeguards and implement practical controls or processes in response to the risks identified, so as to strengthen their security posture and reduce the risk of a data breach or unlawful processing.

It is therefore critical for businesses to review their current measures to ensure that personal information is not lost, damaged or destroyed, and to assess whether an unauthorised third party could easily access or process such personal information.

The following controls and processes can be implemented to ensure that information is protected and processed lawfully:

  • Penetration and vulnerability testing (a simulated cyber-attack against your computer systems to check for exploitable vulnerabilities)
  • Endpoint security, i.e. protection of the devices on the business network, to guard against data-stealing malware and ransomware
  • Data access controls to prevent unauthorised access
  • Review of access rights on an ongoing basis
  • Physical access controls
