Protection of Personal Information Bill

The recent ITWeb-Deloitte PPI Act Survey shows that South African companies remain unclear about the implication of the Bill, which is due to come into effect soon. In practise, the bill requires both Data Security and Data Quality – both key elements of any Data Governance practice.

From a data security perspective, the bill will require organisations to provide evidence that access is restricted for sensitive data. The current prohibitive cost of manual data entitlement reviews is a significant concern – particularly for unstructured data sources such as file shares and web portals. Do you know where sensitive data is exposed in your environment? who has access to it? Should they be accessing it? What can you do about?

From a data quality perspective the bill requires that organisations will be able to provide consumers with a clear and accurate view of all data stored. Historically, corporations have struggled to identify and group client records – whether across product systems, business units or simply different operational units.  For example, if a client record is updated in the call centre will the latest information be updated all the product systems. Will you even know if this is the same client across all the systems or business areas? How will you identify which is the best client record? These are data governance questions that can be addressed by data quality processes and tools.

Both the data quality and data privacy implications of the Bill must be managed cost effectively to avoid penalties. On the plus side if an enterprise view is taken then the reuse achieved by this infrastructure investment should be considerable.

2 thoughts on “Protection of Personal Information Bill

  1. My interest in personal data protective bills the world over is to the see how CSP (communication service providers), marketeers and advertisers use location information provided by communication devices, particularly mobile. CSP’s know that they are sitting on a gold mine. To marketeers and advertisers, it would bring targeted marketing closer. But how much location information are CSP’s allowed to provide to advertisers? Vodacom not so long ago aggressively advertised the “Find Me” service for child minders. But I don’t see it being advertised anymore and would like to find out what happened. My hunch is that it got abused by people that started tracking their “enemies”. So how can goverment provide legislation that will allow CSP’s to really turn data into Rand assets and advertisers and marketeers to provide targeted advertisement without infringing the rights of people?

    Bowie Muyutu

    1. Hi Bowie

      Stats SA publish a vast amount of demographic information without impacting privacy.

      They do this by divorcing sensitive personal information from the demographic. For example, they can say that 85% of the population in an areas earns more than R10000 per month, but cannot say what any individual earns. So I imagine a similar approach could be taken to location based marketing to demographics rather than individuals – unless consent is gained.

      incidentally, I think Vodacom required the person being tracked to agree to this – don’t think this was the reason it was withdrawn but i could be wrong.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.