The recent ITWeb-Deloitte PPI Act Survey shows that South African companies remain unclear about the implication of the Bill, which is due to come into effect soon. In practise, the bill requires both Data Security and Data Quality – both key elements of any Data Governance practice.
From a data security perspective, the bill will require organisations to provide evidence that access is restricted for sensitive data. The current prohibitive cost of manual data entitlement reviews is a significant concern – particularly for unstructured data sources such as file shares and web portals. Do you know where sensitive data is exposed in your environment? who has access to it? Should they be accessing it? What can you do about?
From a data quality perspective the bill requires that organisations will be able to provide consumers with a clear and accurate view of all data stored. Historically, corporations have struggled to identify and group client records – whether across product systems, business units or simply different operational units. For example, if a client record is updated in the call centre will the latest information be updated all the product systems. Will you even know if this is the same client across all the systems or business areas? How will you identify which is the best client record? These are data governance questions that can be addressed by data quality processes and tools.
Both the data quality and data privacy implications of the Bill must be managed cost effectively to avoid penalties. On the plus side if an enterprise view is taken then the reuse achieved by this infrastructure investment should be considerable.