Tuesday, March 16, 2010

Privacy Law Toughens up Security

The passing of the Protection of Personal Information Bill (PPI) into law this year will have a significant impact on how businesses deal with information and prevent security breaches.

The PPI Bill, which was submitted to the justice minister last year, aims to promote the protection of personal information processed by public and private bodies. The legislation seeks to establish minimum requirements for the processing of personal information and aims to establish an information protection regulator.

During the upcoming ITWeb Security Summit from 11 to 13 May at the Sandton Convention Centre, Ritasha Jethva, Absa head of information privacy, will examine the security implications of the PPI Bill and what it will mean for the typical end-user.

“The implementation of the privacy principles will lead to security having a better understanding of the business processes and practices, thus bringing the security implementation closer to business process execution,” says Jethva.

“In addition, I believe privacy will drive and further assist in the strengthening of the formalisation of the security practices across the organisation, such as security policies, standards, programmes and technological solutions.”

Once the PPI Bill gets enacted, Jethva points out that companies will need to clamp down on security controls within the information life cycle. Jethva says organisers will need to ensure personal information is gathered, stored and processed securely using encryption technology.

In alignment with regulator requirements, personal information needs to be retained for the duration of its purpose, and when the information is no longer required the organisation needs to permanently destroy all traces of it.

Jethva says: “Many fraud-related acts like identify theft and financial crime results from PI leaking and being abused. Through the enforcement of the Bill, all impacted organisations will have to formalise their internal processes in order to better protect an individual's PI. This ultimately results in individuals being less vulnerable and exploited within the underground world.”

IT Web Business

No comments:

Post a Comment