By Nadine Mather, Partner, Bowmans South Africa
Data Privacy Day, also known as Data Protection Day, takes place annually on 28 January to raise awareness about the importance of data privacy and to promote data protection best practices. This international event is dedicated to reminding individuals and organisations of the importance of data protection and of the need to take steps to safeguard their personal information.
In South Africa, this year’s Data Privacy Day marks just over one and a half years since the provisions of the Protection of Personal Information Act (POPIA) became enforceable. Whilst the Information Regulator has used this period to educate institutions on POPIA and to operationalise the legislative framework in place, the Information Regulator has indicated that it will not hesitate to show its teeth going forward and it is foreseeable that we may witness the first fine or penalty imposed under POPIA this year.
The rise of technology and the growth in data protection regulations globally reflect a significant movement towards better data protection practices. Data privacy should thus be seen as an everyday event and organisations processing personal information should constantly be monitoring and improving their data processing strategies. In celebration of Data Privacy Day, here are a few tips to improve your data privacy measures.
Assess your data processing activities
Organisations must be able to justify why they collect, hold and process personal information. It is thus important to understand what information is collected, for what purpose it is collected, and whether it is necessary to retain the information. Discard, in a responsible way, the personal information which you no longer need or are no longer required to retain. The principle of minimality is key and organisations should not be processing personal information which is not necessary to achieve their aims and functions.
Implement strong security measures
One of the most important steps organisations should take to secure the integrity of personal information is to implement strong security measures to protect the information from unauthorised use, access or disclosure. The security measures may include implementing firewalls, encryption technologies, anti-virus programs and strong password controls.
Organisations should take steps to adopt privacy procedures that clearly outline how personal information is collected, used and shared. This includes taking steps to inform data subjects of how their personal information is used and processed. In doing so, data subjects should be informed of their rights to their personal information, including the right to opt out of certain data processing activities where applicable.
Train, train and train again
According to a study conducted by IBM, 95% of cyber security breaches result from human error. Businesses should thus regularly train all stakeholders and employees on data privacy and security best practices to ensure they understand how to handle personal information responsibly and to protect the information from unauthorised access or disclosure.
Monitor and evolve
Threats to personal information (both external and internal), data protection legislation and businesses themselves are constantly evolving. Ongoing monitoring of your data processing activities and security protocols will assist with ensuring that your measures are still fit for purpose and comply with applicable data protection laws.
Data Privacy Day is a good reminder for individuals and businesses to wake up to the importance of safeguarding personal information and respecting privacy. By taking simple but effective steps, businesses can adequately protect personal information, enhance their data protection practices, and mitigate the risk of data breaches.