Page 32 - Q&A
P. 32

Why securing your data makes business sense


            March 2020
            “My business collects and stores quite a large amount of client data. We were
            recently  nearly  hacked  and  were  lucky  that  no  information  was  leaked.  I’m
            concerned about another attack and worried what would happen if information
            was leaked. What should I do?”
      Commercial  It is well recognized that the way we do business and interact has radically
            changed in the  current digital age. Businesses  operate online, have social
            media accounts and trade with consumers that never set a foot inside their
            store. Customers also review, rate and make decisions about a business based
            on their online credentials. The more data a business processes the larger also
            the target painted on the back of the business for potential hackers, scammers
            and fraudsters.

            In this digital world consumers have understandably also become
            increasingly concerned about privacy and the security of their digital footprint
            and make engagement decisions based on the perceived risk level of the
            business.  Nothing  scares  off  consumers  more  easily  than  a  business  that
            appears to have been compromised, is not safe to engage with or appears
            open to hacking or other online malfeasance. Recent studies have gone so
            far as to predict that nearly two-thirds of consumers would likely end a business
            relationship with a company whose data security in respect of personal
            information has been compromised.

            This makes data security and privacy a vital aspect of any business today, with
            a failure to do so potentially attracting massive reputational damage and loss
            of business. Businesses cannot ignore the need to take steps to protect the
            personal information of its customers. With the introduction of the Protection
            of Personal Information  Act 4 of 2013  (“POPIA”), this need  has now also
            been legislated requiring all businesses that process personal information of
            customers to secure and safeguard such information.

            POPIA obliges businesses to ensure data security by taking appropriate and
            reasonable technical (electronic) and organisational (physical) measures
            to prevent loss, damage, unauthorised destruction, unlawful access to, and/
            or unlawful processing of personal information. To do so, businesses should
            consider generally accepted information security practices and procedures as
            well as any specific practices and procedures that may be required in terms of
            industry specific rules and regulations that apply to the business.

            In addition to physical and electronic security measures, a business must also
            implement an appropriate data governance framework, including policies
            and procedures to ensure that their employees have a clear understanding of
            data security and their obligations in this regard.





            25
   27   28   29   30   31   32   33   34   35   36   37