Information security

Information security seeks to address “confidentiality” (ensuring that only authorised persons have access to information), “integrity” (ensuring that information is not maliciously or accidentally corrupted or amended) and “availability” (ensuring that information is available to those persons requiring the information as and when they may need it).

In most jurisdictions the requirement for information security has arisen from the implementation of privacy legislation and the need, in terms of that legislation, to appropriately safeguard personal information. However, in South Africa, in the absence of privacy legislation until the enactment of the Protection of Personal Information Act, information security principles have developed largely outside of any legislative privacy obligations. The focus of most information security interventions has therefore been the “availability” element of information security, very often and to a large degree at the cost of the “confidentiality” and “integrity” elements.

Section 19 of the Protection of Personal Information Act requires that a responsible party establish appropriate security safeguards to ensure that the “integrity” and “confidentiality” of personal information in its possession or under its control is not compromised. Even companies that have relatively mature information security frameworks, but which have predominantly addressed the issue of “availability”, will need to review those frameworks in light of the requirement to specifically address “confidentiality” and “integrity”.

Privacy Online can assist companies in establishing information security management systems which address confidentiality, integrity and availability. This approach incorporates the appropriate configuration of information and communications technologies, the development of processes governing the use of the technologies and the training of employees to promote their compliance with the policy, procedures and standards necessary for the proper processing of information, and in particular personal information.

  • 08 August 2018 - 13:41:00
    On 25 July 2018, as a result of announcements made by Facebook relating to its future revenues, the market value of Facebook dropped by US$ 148 billion (or R1,95 trillion). This is almost half of South Africa’s total GDP in 2016.

    While there may be several reasons for the decline in Facebook’s revenue which led to the sell-off of shares, one of the three primary factors for the decrease in projected profitability of Facebook is the focus on privacy and security

  • 08 August 2018 - 13:36:00
    As I wrote in a previous article, South Africa, according to the PWC Global economic crime and fraud survey of 2018, suffers the second highest number of cybercrimes of all the countries in the world. While I have no statistics to support this, I would suggest that internet banking fraud must rank as one of the primary attack vectors for cybercriminals.

    The Ombudsman for Banking Services of South Africa (Ombud) reported that, for the first time, in 2017 internet banking fraud was the most prevalent category of crime among the disputes that the Ombud has been requested to deal with. No fewer than 1377 internet banking complaints were closed by the Ombud in 2017. It is clear that significantly more citizens are victims of internet banking fraud, as not all of the matters have been referred to the Ombud.