Data security protects enterprise information from malicious insiders and hackers

We implement centrally defined access policies using dynamic masking and tokenisation.

Data activity monitoring and user behaviour analytics detect and prevent malicious activity, without compromising your data

THE 4 PILLARS OF DATA SECURITY FOR PRIVACY

Govern, Protect and Monitor your Personal Data

Policies and planning

Policies and planning

Security and access are fit for purpose

 

Access Policies

Physical Security

Physical Security

Protect your data

Access Protection

Everywhere

Everywhere

On-premise and in the cloud

 

Data security

High Availability

High Availability

Authorised users have easy access to information services

Availability

How does data security apply to PoPIA?

We often hear the terms data privacy and data security being used interchangeably. Yet, they are not the same thing.

South Africa's Protection of Personal Information Act (PoPIA) list eight conditions for the protection of personal information, of which only one (Condition 7) is focused on data security.

Similarly, data security is a substantial discipline that extends beyond ensuring data privacy. 

Let's take a look at PoPIA Condition 7

PoPIA Condition 7 - Security safeguards

Section 19 Security measures on integrity and confidentiality of personal information
  1. A responsible party must secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures to prevent—
    1. loss of, damage to or unauthorised destruction of personal information; and
    2. unlawful access to or processing of personal information.
  2. In order to give effect to subsection (1), the responsible party must take reasonable measures to—
    1. identify all reasonably foreseeable internal and external risks to personal information in its possession or under its control;
    2. establish and maintain appropriate safeguards against the risks identified;
    3. regularly verify that the safeguards are effectively implemented; and
    4. ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards.
  3. The responsible party must have due regard to generally accepted information security practices and procedures which may apply to it generally or be required in terms of specific industry or professional rules and regulations.

Read our blog

Read our blog

Data protection explained

Read now

Universal Data Authorization

Universal Data Authorization

Dynamically compliance with data security and privacy regulations

Explore

Analyst Report

Analyst Report

Data privacy, security and data-related compliance

 

Register free

Webinar on-demand

Webinar on-demand

Best Practices for Privacy and Governance

 

Register and watch