Writing and Blog

A collection of my writing, musings, and opinion pieces. Please check back for updates!

Hire Ross

Ross is available for technical and other writing.

Should you be interested, please get in touch!

7 Deadly Sins of DevOps

For DevOps and development teams, there are vital points in the deployment of any software tool that pertain to both cyber security and privacy. Privacy law states that security safeguards need to be in place, and that the “current state of technology” will come into play. This means that the public expectation of security measures and the current state of what is seen as “normal” or “minimum requirement” need to be taken into consideration.

POPIA: What to ask your service provider for

We all have service providers of some shape or form in our businesses, be they outsourced payroll, accounting, IT, printing, HR, or any other number of services you need in your day-to-day operation. Under data protection laws such as POPIA, there is a defined relationship between yourselves and your suppliers, in terms of a Responsible Party (you) and an Operator (your service provider).

Safeguarding your nudes (or any other information really)

Every now and then we read in the news that a celebrity (or politician) has accidentally shared a nude selfie (or worse, had their nudes leaked). In light of a certain celebrity accidentally showing his ‘captain’ to America (and the rest of the world) a couple of weeks ago, I figured it’s a good time to write a how-to piece on securing information on your computer.

Assessing POPIA/GDPR compliance for your own SaaS offering

As a Software-as-a-Service (SaaS) provider, you will often be what is known as an “Operator” (POPIA) or “Processor” (GDPR) in privacy legislation. While you do not hold the lion’s share of responsibility for compliance, there are some obligations that you have towards your clients. Whether you are a B2B platform or a B2C platform, there are measures you need to take to ensure that your clients and consumers are protected from a security and compliance point of view.

Are you ready for a POPIA deletion request?

POPIA has been in motion for a while, but now that we’re in the grace period, I’m seeing many more Data Subject Access Requests (DSARs) at my clients. These rights allow for the deletion of a subject’s personal data on request (among others). While simple on the surface, it goes a lot deeper and is quite tricky.

Not all privacy laws are equal: managed services challenges

Within the software space, it is often the case that you will transfer data across borders (whether you know it or not). A transfer is not necessarily as blunt as taking a file from location A and transferring it to location B. Accessing file A from location B is in fact still a data transfer.

How to configure ProjectSend on a Raspberry Pi (or Ubuntu)

A few weeks ago I posted an article on ProjectSend, which is a great alternative to FTPS / SFTP when it comes to transferring files to and from your clients. Today, I’ll be doing a bit of a technical post that you can pass on to your IT team in order to set up your own ProjectSend server.

Practical Privacy Live Training – Awareness Builds Culture

I have mentioned before in a few posts that compliance with privacy legislation should be more of a company-culture-based exercise than a compliance checklist. A privacy-aware culture is one that can, to a degree, manage itself, with staff members helping each other out as far as privacy is concerned, as opposed to relying on internal audit and a retrospective approach.
