Writing and Blog

A collection of my writing, musings, and opinion pieces. Please check back for updates!

Hire Ross

Ross is available for technical and other writing.

Should you be interested, please get in touch!

The What and Why of Data Protection Management Reviews

In keeping with the ongoing practice of privacy compliance, you need to perform management reviews of your programme. While the acts and regulations are not necessarily explicit about conducting a management review, they do mention that the Information Officer needs to maintain a programme or framework, and part of this is ongoing review of activities.

Struggling with POPIA? Turn to your Dev team

As a software company, there are many components to consider in your Privacy Programme. Kicking off a privacy programme in a software company is adding more overhead to an already lean process, so how do you go about incorporating it in a familiar way? By releasing and managing your privacy programme the way you manage your SDLC.

10 Myths About Your GDPR/POPIA Privacy Programme

The last few weeks have seen the privacy industry heating up here in SA, what with the introduction of POPIA. In these weeks, I’ve seen a lot of advice dispensed by non-specialists in the privacy field; some of it is valuable, but a lot of it is dangerous. This week’s post is a listing of the top 10 myths I see in advisory and questions from clients and workshop attendees.

A crash course in your rights under POPIA

As someone who deals with business a lot on POPIA, my blog is often focused in this area. Today, I will focus on the consumer side as I have seen a dramatic increase in posts on social media around actions contravening POPIA (that actually don’t). The purpose of POPIA is, among others, to give effect to the right to privacy of the individual. This, however, is met with the clause “balancing the right to privacy against other rights” and “protecting important interests including the free flow of information within the Republic”.

POPIA and Software-as-a-Service, an interesting year ahead

As a Software-as-a-Service (SaaS) provider, POPIA is going to have a profound effect on your business. The act, now signed, comes into effect on the 1st of July, 2020, with the deadline for compliance being the 30th of June 2021. This is not a lot of time, and you’ll need to address a number of challenges in the year to come.

Logging and Diagnostics – 5 Sources of PII You Never Considered

Working in the Software-as-a-Service space means that you’re dealing with loads of logging and diagnostic information being generated every second. When we talk privacy, we often don’t consider these operational systems as they are removed from the client facing side and don’t contain sensitive data (on the surface).

How to implement DLP and monitoring legally

It’s easy for a business to claim total ownership of communications in a company with a blanket monitoring policy applied across the board, but are you allowed to? Over the years, I’ve seen dozens of clauses claiming the right to monitor everything – the fact is, it’s probably not as legal as you think it is, and you probably believe you have more rights than you do as an employer!

Data Protection as taught by Ferris Bueller (Part 3)

For the past few weeks I’ve been drawing comparisons between Ferris Bueller’s Day Off and data protection, and how this movie details a number of techniques that are used in cyber security and privacy. In this last instalment we’ll reach a little and “milk the metaphor” a bit, but all in good fun!
