South Africans who follow the news or have children who finished grade 12 last year will be aware of the furore around the publication of matric results. Despite the court challenge and subsequent ruling that the national senior certificate results would in fact be published on media platforms as they have for many years, the process will likely remain under the spotlight and the education department will seek to get clarity around how to proceed in years to come in its efforts to remain on the right side of the Protection of Personal Information Act (POPIA), which came into force last year.
POPIA and its compliance will remain an important part of business data strategies. Rather than be a phase, data privacy will become a greater concern as time goes on, and every solution or platform that is built will need to have data privacy and protection built into its DNA.
It is appropriate that the court case around the matric results happened in the days leading up to Data Privacy Day, or, as it is widely known in Europe, Data Protection Day, on 28 January. Back when Data Privacy Day was first conceptualised, it was about raising awareness of the importance of privacy, whereas today, it has evolved into an opportunity to promote and encourage the development of technology to protect personal information, encourage compliance with privacy laws and generally trigger discussions among all stakeholders around the topic of data privacy and protection.
South Africa is not alone. Data privacy and the legislation around it is fundamentally changing how companies can, and must, manage personal information belonging to members of the public and their employees. As everyone looks ahead and dreams about the wonders of the metaverse, rest assured that data privacy concerns will remain fundamental to how organisations design their platforms and how regulators around the world react.
Two years ago, in the buildup to Data Protection Day in Europe, Veeam’s Daniel Fried, GM and SVP, EMEA and Worldwide Channels, says: “You could be easily fooled into thinking data privacy as a field has only existed since 2018 [a reference to Europe’s General Data Protection Regulation (GDPR], but nothing could be further from the truth. From an anthropological perspective, human beings have longed for privacy for over 3 000 years.”
Privacy is fundamental to our humanity. This means that it was inevitable that as technology exponentially increased the speed and efficiency of collecting and harvesting data, regulation would follow. It is perhaps important to state at the outset that even in the absence of regulation, how we capture, manage and store personal information should be done ethically in the spirit of privacy.
However, regulation was needed and now organisations that have been scrambling to ensure compliance have come to accept that data protection and privacy needs to be built into systems and processes from the outset. In other words, data privacy considerations should be fundamental to the design and management of solutions and systems. This requires a thorough understanding of how data will be harvested, where it will be stored, how it will be backed up, and very importantly, how it will be protected.
This may seem like an onerous and almost-impossible task, but the truth is that some platform providers and their partners have been building solutions with privacy and protection at the forefront for many years and are in a strong position to deal with the changing legislative landscape.
Fried’s words in 2020 are as relevant today as they were then, and in some ways even more relevant to South Africa at the start of 2022, just six months after POPIA got its teeth. While investing in technologies that are built on a comprehensive Modern Data Protection Strategy that combines effective front-line cybersecurity with thorough data management, backup and disaster recovery, Fried said then that: “Privacy is now a people business. Therefore, the shrewdest investments will be in trusted partners who can guide people at every level of the organisation through the rigours of remaining compliant and help create an authentic culture of data transparency.”