Writing and Blog
A collection of my writing, musings, and opinion pieces. Please check back for updates!
Ross is available for technical and other writing.
Should you be interested, please get in touch!
For ages, I have been looking for a Managed File Transfer (MFT) system to replace WeTransfer/FTPS for a number of my clients (and for myself). ProjectSend appears to be that solution!
In keeping with the ongoing practice of privacy compliance, you need to perform management reviews of your programme. While the acts and regulations are not necessarily explicit about conducting a management review, they do mention that the Information Officer needs to maintain a programme or framework, and part of this is ongoing review of activities.
As a software company, there are many components to consider in your Privacy Programme. Kicking off a privacy programme in a software company is adding more overhead to an already lean process, so how do you go about incorporating it in a familiar way? By releasing and managing your privacy programme the way you manage your SDLC.
The last few weeks have seen the privacy industry heating up here in SA, what with the introduction of POPIA. In these weeks, I’ve seen a lot of advice dispensed by non-specialists in the privacy field; some of it is valuable, but a lot of it is dangerous. This week’s post is a listing of the top 10 myths I see in advisory and questions from clients and workshop attendees.
As someone who deals with business a lot on POPIA, my blog is often focused in this area. Today, I will focus on the consumer side as I have seen a dramatic increase in posts on social media around actions contravening POPIA (that actually don’t). The purpose of POPIA is, among others, to give effect to the right to privacy of the individual. This, however, is met with the clause “balancing the right to privacy against other rights” and “protecting important interests including the free flow of information within the Republic”.
As a Software-as-a-Service (SaaS) provider, POPIA is going to have a profound effect on your business. The act, now signed, comes into effect on the 1st of July, 2020, with the deadline for compliance being the 30th of June 2021. This is not a lot of time, and you’ll need to address a number of challenges in the year to come.
Working in the Software-as-a-Service space means that you’re dealing with loads of logging and diagnostic information being generated every second. When we talk privacy, we often don’t consider these operational systems as they are removed from the client facing side and don’t contain sensitive data (on the surface).
Being remote doesn’t stop workshops from happening; it just means they happen online! I have a number of workshops coming up in June. Find out more about them below.
It’s easy for a business to claim total ownership of communications in a company with a blanket monitoring policy applied across the board, but are you allowed to? Over the years, I’ve seen dozens of clauses claiming the right to monitor everything – the fact is, it’s probably not as legal as you think it is, and you probably believe you have more rights than you do as an employer!
For the past few weeks I’ve been drawing comparisons between Ferris Bueller’s Day Off and data protection, and how this movie details a number of techniques that are used in cyber security and privacy. In this last instalment we’ll reach a little and “milk the metaphor” a bit, but all in good fun!