Writing and Blog
A collection of my writing, musings, and opinion pieces. Please check back for updates!
Ross is available for technical and other writing.
Should you be interested, please get in touch!
Whether you work in DevOps or development, there are vital points in the deployment of any software tool that pertain to both cyber security and privacy. Privacy law requires that security safeguards be in place, and that the “current state of technology” be taken into account. This means that the public expectation of security measures, and what is currently seen as “normal” or the “minimum requirement”, needs to be taken into consideration.
We all have service providers of some shape or form in our businesses, be they outsourced payroll, accounting, IT, printing, HR, or any number of other services you need in your day-to-day operation. Under data protection laws such as POPIA, there is a defined relationship between you and your suppliers, in terms of a Responsible Party (you) and an Operator (your service provider).
Every now and then we read in the news that a celebrity (or politician) has accidentally shared a nude selfie (or worse, had their nudes leaked). In light of a certain celebrity accidentally showing his ‘captain’ to America (and the rest of the world) a couple of weeks ago, I figured it’s a good time to write a how-to piece on securing information on your computer.
As a Software-as-a-Service (SaaS) provider, you will often be what is known as an “Operator” (POPIA) or “Processor” (GDPR) in privacy legislation. While you do not hold the lion’s share of responsibility for compliance, there are some obligations that you have towards your clients. Whether you are a B2B platform or a B2C platform, there are measures you need to take to ensure that your clients and consumers are protected from a security and compliance point of view.
POPIA has been in motion for a while, but now that we’re in the grace period, I’m seeing many more Data Subject Access Requests (DSARs) at my clients. These rights allow for the deletion of a subject’s personal data on request (among others). While simple on the surface, it goes a lot deeper and is quite tricky.
In short, the answer is yes, but they don’t have to be! You can have the best privacy programme in the world, but if your IT provider is not following your rules on it, you’re going to have a problem.
Within the software space, it is often the case that you will transfer data across borders (whether you know it or not). A transfer is not necessarily as blunt as taking a file from location A and transferring it to location B. Accessing file A from location B is in fact still a data transfer.
A few weeks ago I posted an article on ProjectSend, which is a great alternative to FTPS / SFTP when it comes to transferring files to and from your clients. Today, I’ll be doing a bit of a technical post that you can pass on to your IT team in order to set up your own ProjectSend server.
I have mentioned before in a few posts that compliance with privacy legislation should be more of a company-culture-based exercise than a compliance checklist. A privacy-aware culture is one that can, to a degree, self-manage, with staff members helping each other out as far as privacy is concerned, as opposed to relying on internal audit and a retrospective approach.
For ages, I have been looking for a Managed File Transfer (MFT) system to replace WeTransfer/FTPS for a number of my clients (and for myself). ProjectSend appears to be that solution!