The passing of the POPI act into South African law in 2013 and the imminent appointment of an Information Regulator has forced local businesses to sit up and listen as they are given a deadline of a year to comply, but says GREGORY ANDERSON, the effective date for POPI is not set in stone.
POPI became an Act of Parliament in 2013 however, it will only come into effect by proclamation by the president Jacob Zuma in the Government Gazette. So from the date of the President’s proclamation, companies – no matter their size – will have one year to make the necessary changes to become POPI compliant.
However, the President has already proclaimed certain sections of POPI into effect, specifically the section that provides for the establishment of an Information Regulator to oversee and enforce the provisions of POPI. It is suspected that once said regulator has been established, the President will proclaim the rest of the provisions of POPI into effect. There is currently no clue as to when this date may be, however it has been predicted that it could be towards the end of this year. Nevertheless you should already be thinking about – if not implementing – the necessary changes.
Knowing it is coming is all good and well, but so you know what POPI is and how it affects your business?
For argument’s sake let’s pretend that you been have living under a rock and that you have no idea what POPI is. In this case you would need to know that the POPI Act is an all-inclusive piece of legislation which aims to regulate the processing (see the very detailed definition of this word in the Act) of personal information.
POPI outlines personal information as any information relating to an identifiable, living natural or juristic person and includes but is not limited to contact details, demographic information, history, biometric information, opinions of and about a person or private correspondence (like email). Those that fail to comply with POPI in the set out time-limit – and that don’t apply for and receive an extension – may be subjected to fines of up to R10 million and even jail time.
One of the eight conditions established by POPI in order for the processing of personal data to be lawful is that reasonable security measures be applied to protect it. So the short answer to companies that wonder if POPI will affect them is: If you have customers, partners or staff and you have any of their personal information stored in your database then POPI definitely applies to you.
The next logical question then is, how safe is your data?
Safeguarding your data
POPI makes it obligatory for companies to do what IT security vendors have been preaching for years: put the security of data first. Because of POPI local companies will need to better protect and manage the personal records and information they process. This pertains to information of their customers and clients but it also concerns every employee in their service.
In the technology and information age we live in POPI can be seen as a starting point for businesses and professionals who want to take stock of how they handle and subsequently govern this valuable business asset. With cybercrime incidents increasing and gaining complexity and trends like Cloud, BYOD as well as the Internet of Everything in full swing, there are a lot of information channels that need to be secured within any organisation’s network.
In addition to this information ‚Äòstock take’, it is a good idea to map out how you – as a company – plan to meet the legal requirements of POPI. This is an especially vital step when it comes to the security of company data, do you know what security measures you have in place? Do you have in place a holistic security solution that covers you from end-to-end?
Have you business taken measures toward data loss prevention and encryption in your business? Technologies like Trend Micro Integrated DLP (Data Loss Prevention) protect your company data from endpoint to cloud based on the polices set up on what data can leave the organisation, while encryption technologies like Trend Micro Endpoint Encryption provide full disk, file encryption and data protection.
Technologies that are designed to protect your business in the cloud and at the virtual layer can protect your company data. Trend Micro Deep Security is a robust solution for cloud computing and virtual environments because it enables the user to take advantage of “better-than-physical” protection. It is a single platform that integrates all security technologies and in turn is able to resolve any operational issues that may arise in the virtual environment.
Trend Micro’s Deep Security Solution delivers comprehensive, adaptive, highly efficient, agentless and agent-based protection, including anti-malware, intrusion detection and prevention, firewall, web application protection, integrity monitoring and log inspection. With Deep Security businesses will be aware of security breaches and will have advanced protection for physical, virtual and cloud servers.
The protection of data should have always been a company priority because a data breach not only puts your clients and customers at risk, but it risks the reputation of your entire business. Every person that trusts you with their data, is essentially placing in you a belief that it will be protected and once that information is breached, the trust is gone for good and you will be left in despair as clients and customers turn their backs on your business. Are you willing to risk that?
* Gregory Anderson, country manager, Trend Micro South Africa
* Follow Gadget on Twitter on @GadgetZA
Prepare for deepfake impact
Is the world as we know it ready for the real impact of deepfake? CAREY VAN VLAANDEREN, CEO at ESET SA, digs deeper
Deepfake technology is rapidly becoming easier and quicker to create and it’s opening a door into a new form of cybercrime. Although it’s still mostly seen as relatively harmful or even humorous, this craze could take a more sinister turn in the future and be at the heart of political scandals, cybercrime, or even unimaginable concepts involving fake videos. And it won’t be just public figures that bear the brunt.
A deepfake is the technique of human-image synthesis based on artificial intelligence to create fake content either from scratch or using existing video designed to replicate the look and sound of a real human. Such videos can look incredibly real and currently many of these videos involve celebrities or public figures saying something outrageous or untrue.
New research shows a huge increase in the creation of deepfake videos, with the number online almost doubling in the last nine months alone. Deepfakes are increasing in quality at a swift rate, too. This video showing Bill Hader morphing effortlessly between Tom Cruise and Seth Rogan is just one example of how authentic these videos are looking, as well as sounding. If you search YouTube for the term ‘deepfake’ it will make you realise we are viewing the tip of the iceberg as to what is to come.
In fact, we have already seen deepfake technology used for fraud, where a deepfaked voice was reportedly used to scam a CEO out of a large sum of cash. It is believed the CEO of an unnamed UK firm thought he was on the phone to his boss and followed the orders to immediately transfer €220,000 (roughly US$244,000) to a Hungarian supplier’s bank account. If it was this easy to influence someone by just asking them to do it over the phone, then surely we will need better security in place to mitigate this threat.
Fooling the naked eye
We have also seen apps making DeepNudes where apps were able to turn any clothed person into a topless photo in seconds. Although, luckily, this particular app has now been taken offline, what if this comes back in another form with a vengeance and is able to create convincingly authentic-looking video?
There is also evidence that the production of these videos is becoming a lucrative business especially in the pornography industry. The BBC says “96% of these videos are of female celebrities having their likenesses swapped into sexually explicit videos – without their knowledge or consent”.
A recent Californian bill has taken a leap of faith and made it illegal to create a pornographic deepfake of someone without their consent with a penalty of up to $150,000. But chances are that no legislation will be enough to deter some people from fabricating the videos.
To be sure, an article from The Economist discusses that in order to make a convincing enough deepfake you would need a serious amount of video footage and/or voice recordings in order to make even a short deepfake clip.
Having said that, In the not-too-distant future, it may be entirely possible to take just a few short Instagram stories to create a deepfake that is believed by the majority of their followers online or by anyone else who knows them. We may see some unimaginable videos appearing of people closer to home – the boss, our colleagues, our peers, our family. Additionally, deepfakes may also be used for bullying in schools, the office or even further afield.
Furthermore, cybercriminals will definitely use such technology to spearphish victims. Deepfakes keep getting cheaper to create and become near-impossible to detect with the human eye alone. As a result, alt that fakery could very easily muddy the water between fact and fiction, which in turn could force us to not trust anything – even when presented with what our senses are telling us to believe.
Heading off the very real threat
So, what can be done to prepare us for this threat? First, we need to better educate people that deepfakes exist, how they work and the potential damage they can cause. We will all need to learn to treat even the most realistic videos we see that they could be a total fabrication.
Secondly, technology desperately needs to develop better detection of deepfakes. There is already research going into it, but it’s nowhere near where it should be yet. Although machine learning is at the heart of creating them in the first place, there needs to be something in place that acts as the antidote being able to detect them without relying on human eyes alone.
Finally, social media platforms need to realize there is a huge potential threat with the impact of deepfakes because when you mix a shocking video with social media, the outcome tends to spread very rapidly and potentially could have a detrimental impact on society.
A career in data science – or your money back
The Explore Data Science Academy is offering high demand skills courses – and guarantees employment for trainees
The Explore Data Science Academy (EDSA) has announced several new courses in 2020 that it says will radically change the shape of data science education in South Africa.
Comprising Data Science, Data Engineering, Data Analytics and Machine Learning, each six-month course provides vital digital skills that are in high demand in the market place. The full time, fully immersive courses each cost R60 000 including VAT.
The courses are differentiated from any other available by the fact that EDSA has introduced a money back promise if it cannot place the candidate in a job within six months of graduation and at a minimum annual starting salary of R240 000.
“For South Africans with drive and aptitude, this is the perfect opportunity to launch a career in what has been called the sexiest career of the 21stcentury,” says Explore founder Shaun Dippnall.
Dippnall and his team are betting on the explosive demand for data science skills locally and globally.
“There is a massive supply-demand gap in the area of data science and our universities and colleges are struggling to keep up with the rapid growth and changing nature of specific digital skills being demanded by companies.
“We are offering specifically a work ready opportunity in a highly skills deficient sector, and one which guarantees employment thereafter.”
The latter is particularly pertinent to young South Africans – a segment which currently faces a 30 percent unemployment rate.
“If you have skills in either Data Science, Data Engineering, Data Analytics or Machine Learning, you will find work locally, even globally. We’re confident of that,” says Dippnall.
EDSA is part of the larger Explore organisation and has for the past two years offered young people an opportunity to be trained as data scientists and embark on careers in a fast-growing sector of the economy.
In its first year of operation, EDSA trained 100 learners as data scientists in a fully sponsored, full-time 12-month course. In year two, this number increased to 400.
“Because we are connected with hundreds of employers and have an excellent understanding of the skills they need, our current placement rate is over 90 percent of the students we’ve taught,” Dippnall says. “These learners can earn an average of R360 000 annually, hence our offer of your money back if there is no employment at a minimum annual salary of R240k within six months.
“With one of the highest youth unemployment rates in the world – recently announced as a national emergency by the President – it is important that institutions teach skills that are in demand and where learners can earn a healthy living afterwards.”
There are qualifying criteria, however. Candidates need to live in close proximity (within one hour commuting distance), or be prepared to live, in either Johannesburg or Cape Town, and need to be between the ages of 18 and 55.
“Our application process is very tough. We’ll test for aptitude and attitude using the qualifying framework we’ve built over the years. If you’re smart enough, you’ll be accepted,” says Dippnall.
To find out more, visit http://www.explore-datascience.net.