Q&A
Why securing your data makes business sense
March 2020
“My business collects and stores quite a large amount of client data. We were
recently nearly hacked and were lucky that no information was leaked. I’m
concerned about another attack and worried what would happen if information
was leaked. What should I do?”
It is well recognized that the way we do business and interact has radically
changed in the current digital age. Businesses operate online, have social
media accounts and trade with consumers who never set foot inside their
store. Customers also review, rate and make decisions about a business based
on its online credentials. The more data a business processes, the larger
the target painted on its back for potential hackers, scammers
and fraudsters.
In this digital world consumers have understandably also become
increasingly concerned about privacy and the security of their digital footprint
and make engagement decisions based on the perceived risk level of the
business. Nothing scares off consumers more easily than a business that
appears to have been compromised, is not safe to engage with or appears
open to hacking or other online malfeasance. Recent studies have gone so
far as to predict that nearly two-thirds of consumers would likely end a business
relationship with a company whose data security in respect of personal
information has been compromised.
This makes data security and privacy a vital aspect of any business today, with
a failure to secure data potentially attracting massive reputational damage and loss
of business. Businesses cannot ignore the need to take steps to protect the
personal information of their customers. With the introduction of the Protection
of Personal Information Act 4 of 2013 (“POPIA”), this need has now also
been legislated, requiring all businesses that process personal information of
customers to secure and safeguard such information.
POPIA obliges businesses to ensure data security by taking appropriate and
reasonable technical (electronic) and organisational (physical) measures
to prevent loss, damage, unauthorised destruction, unlawful access to, and/or
unlawful processing of personal information. To do so, businesses should
consider generally accepted information security practices and procedures as
well as any specific practices and procedures that may be required in terms of
industry-specific rules and regulations that apply to the business.
In addition to physical and electronic security measures, a business must also
implement an appropriate data governance framework, including policies
and procedures to ensure that its employees have a clear understanding of
data security and their obligations in this regard.