Writing and Blog
A collection of my writing, musings, and opinion pieces. Please check back for updates!
Ross is available for technical and other writing.
Should you be interested, please get in touch!
Since POPIA (the Protection of Personal Information Act) has kicked in fully on the 1st of July, one of the most frequent tasks across my desk has been to review Data Processing Agreements (or Addenda, Annexures, Schedules and a variety of other names, often abbreviated to DPA). These documents can be confusing, long-winded, and in some cases even unnecessary. In today’s post, I’ll go through some of my own pointers as to what to look out for in these documents.
The last couple of months have seen the blog get a little quieter; that’s because there have been loads of things happening behind the scenes while simultaneously dealing with the 1 July POPIA deadline. While the deadline is now “old news” (you still need to comply), there are some exciting alliances that have taken place between Ross G Saunders Consulting and a couple of other initiatives.
With only around 50 (rough estimate) privacy consultants and law firms that are specialised in the space, there is a mad scramble for assistance in the murky water that is compliance with POPIA, with most (if not all) of us fully booked into July, August, and beyond. So, what do you do if you’re running late and looking to comply? I approached a number of colleagues in the privacy space asking for their top 3 to 5 tips of things that you need to focus on RIGHT. NOW.
Classification of data within your possession is not necessarily something that a lot of companies (particularly smaller ones) think of, but the practice is becoming a regular requirement of security attestations and Data Processing Agreements (DPAs). Within the privacy and information security spaces, different types of information are treated differently, be it relating to how it is stored, or even where it is transferred.
Privacy and Cyber Security don’t just start at the point where your product is released, they need to be embedded much earlier. Integrating these aspects into your SDLC (software development lifecycle) early on is key to complying with your obligations in terms of privacy laws as well as meeting the expectations of an increasingly aware consumer.
Everyone should be moving down the line with their Data Protection Programmes at this stage; however, there are some common blind spots you need to be aware of in the privacy space. In this article, I’ll break down three of the top unexpected sources of data that I find regularly during gap analyses.
There has been a lot of talk around Information Officers when it comes to POPIA (Protection of Personal Information Act) and PAIA (Promotion of Access to Information Act), with a guidance note recently released by the South African Information Regulator. The note details a lot of the who and what that you need to know about this vitally important role in terms of the law.
We hear it all the time, "you have to have POPIA policies!", but what exactly does this mean? A number of companies that I've spoken to take policies as being the be-all-and-end-all of POPIA (though I suppose that's a step up from it being all about consent). Yes, you...
I work with a number of software and design agencies that host Software-as-a-Service solutions or other forms of web-based applications. Part of what I do is assess how secure the application is, and how privacy may be affected. In performing these assessments, we dive into how the application is put together, but also how it is secured from an infrastructure point of view. What I have found is that while companies are generally really good at taking security into consideration, the approaches to security are often out of date or based on bad advice.
What is the fastest way to shut down a privacy programme? It’s not a breach; breaches can make programmes stronger. It’s not budget; there’s a lot you can do with very little budget. Company culture, however, can reduce a privacy programme to nothing before it even gets out of the starting gates.