The Information Regulator has approached the President to issue a commencement date of 1 April 2020 for the remaining provisions of the Protection of Personal Information Act (POPI).
“While businesses have 12 months to comply once all POPI provisions are in effect – the implications of non-compliance are so significant that developing a compliance mindset as soon as possible is imperative,” says Louella Tindale, data protection specialist at Caveat Legal.
Practically speaking, these are steps that businesses can start taking on the road to compliance:
- Identify what personal information you collect, from whom and where you store it.
- Perform a gap analysis to identify risks – do it yourself by referring to the eight principles contained in POPI or engage an expert.
- Review your communication tools – do you direct marketing or send out newsletters?
- Consider data subject rights, and how your organisation will give effect to the right to withdraw consent.
- Implement compliance training for your staff and consider approaches to training new joiners.
- Review your contracts – consider amendments to include POPI compliance clauses.
- Review your IT security and physical security.
- Have privacy notices drawn up and consider where links to such notices should be maintained.
- Put in place a security protocol for staff covering online and physical access.
- Consider appointing a Deputy Information Officer (under POPI read with the Promotion of Access to Information Act, the CEO or head of the organisation is automatically deemed to be the Information Officer).
“The duty to comply may not be limited to POPI, and international data protection laws may also apply,” Tindale cautions. “If you are processing the personal information of EU residents you may need to comply with the EU General Data Protection Regulations, and if intend receiving personal information of EU residents on behalf of a US company, it is likely that such US company will require you to comply with the terms of the EU-US Privacy Shield.”
TikTok takes on COVID-19
The fastest growing social media platform in the world has also become an epicenter of public education about the coronavirus, attracting more than 30-billion views, writes ARTHUR GOLDSTUCK
The young have been getting a bad rap for wanting to party on while COVID-19 sends the world into lockdown. But a different movie is playing itself out on the social platform that is growing fastest among teenagers: TikTok.
Awareness campaigns by TikTok itself, collaboration with the International Red Cross, and spontaneous videos made by TikTok creators have combined into a barrage of information, education, awareness and social consciousness around the coronavirus.
Both globally and in South Africa, TikTok’s COVID-19 campaigns have gone viral.
The local #HayiCorona challenge, designed to remind people not to touch their face and wash hands regularly, has passed 1.5-million views. The TikTok collaboration with the International Red Cross, the #WashingHands challenge, has passed 12.6-million views.
One of the best-known participants in these challenges is the past year’s icon of South African talent, the Ndlovu Youth Choir, took up the global challenge with a 20-second hand-washing video. It put together a performance that brings tremendous energy to what can be a clichéd message, and ends with a punt for the Department of Health’s WhatsApp information service. The video can be viewed below.
“On a global scale, TikTok also partnered with the World Health Organization (WHO) to ensure that, while creators are still having fun and expressing themselves on the platform, they stay informed with COVID-19 information coming from a reliable source,” a TikTok spokesperson told us. “Through the partnership, the WHO has created an informational page on TikTok that offers information to curb the spread of the coronavirus as well as dispelling myths.”
The page can be viewed at https://vm.tiktok.com/GHTEGf
TikTok has hosted a number of livestreams with WHO experts, attracting users from more than 70 countries, tuning in for live question and answer sessions. It has also introduced labels on coronavirus-related videos, to point users to trusted information. Resources are also offered directly in the app and in a dedicated COVID-19 section of TikTok’s Safety Center, at https://www.tiktok.com/safety/resources/covid-19.
If users simply want to explore videos on the topic, they can search via the #coronavirus hashtag, or click on https://vm.tiktok.com/swKbn4. The hashtag has had an astonishing 33.8-billion views, indicating the scale of activity and interest around the topic on the platform.
Read more on the next page about how South Africans have embraced the campaign.
On World Backup Day: backup, backup, backup
It was World Backup Day yesterday, 31 March, at a time when business continuity is threatened as never before. That makes calls for protecting email and defending against ransomware all the more urgent.
The global coronavirus pandemic has brought into stark relief many organisations’ lack of business continuity plans and policies. With more than two billion people around the globe in forced lockdown in wide-ranging government efforts to stem the tide of infections, an unprecedented number of employees are working remotely.
This interruption to the normal way of work is precisely what an effective and resilient business continuity strategy should plan for, says Heino Gevers, cybersecurity specialist at Mimecast.
“Companies need uninterrupted access to critical business applications during times of disruption, including safe and secure web and email access for workers that are now operating outside the normal perimeters of the organisation,” he says. “In addition, comprehensive backup and archiving solutions should be ready to restore access to critical business applications should there be any unplanned downtime to ensure continuity until the crisis passes.”
According to Gevers, the current global crisis is likely to push business continuity up the list of priorities for many organisations that have been disrupted by the effects of the coronavirus.
“Organisations are facing new challenges to their productivity; for example in terms of technical support. If a remote user is infected with malware or ransomware, how does the IT team restore that device or do any remediation without being able to physically access it?”
Gevers advises that organisations implement tools that enhances the data protection capabilities of commonly-used tools such as Office365 and can leverage archived data to provide quick recovery of email data in the event of accidental loss, malicious attacks or technical failure.
“As adoption of cloud-based business applications grow in the wake of forced lockdowns around the globe, companies need to ensure they have the tools to recover in any situation,” he says. “This includes a data management strategy that combines archiving, backup and data protection capabilities to allow for quick restoration of critical systems and applications in the event of disruption.”
Jasmit Sagoo, head of technology at Veritas for the United Kingdom and Ireland, warns that this is a golden age for cybercriminals looking for ransomware opportunities.
“As the global cost of ransomware continues to grow, this World Backup Day,
Veritas is saying: ‘don’t pay up, back up!’,” he says. “Ransomware is
said to generate an estimated annual revenue of $1 billion a year, and
companies who are not consistent in backing up their data are allowing
criminals to line their pockets.
“Ransomware attacks exist only because some businesses can’t survive unless the hackers give them back their data. So, the key to survival is removing that reliance and being able to regain access to data, without engaging with the cybercriminals. The best way to do that is with a sound backup strategy.
“Sagoo advises organisations to create isolated, offline backup copies of their data to keep it out of reach of any attackers. They then need to proactively monitor and restrict backup credentials, while running backups frequently to shrink the risk of potential data loss. Businesses should also test and retest their ransomware defences regularly.
“Ransomware strikes without warning and it doesn’t discriminate between its targets – it can happen to any organisation, large or small. Despite their best efforts, most companies will fall to at least one attack. What distinguishes one victim from another is the ability to bounce back, which ultimately depends on its backup strategy.
“When ransomware hits, organisations that aren’t prepared often feel helpless to do anything other than to submit to their attacker’s demands. That’s why we’re urging all businesses to use World Backup Day as a catalyst to get ahead of the situation and get their data protected.”