Writing and Blog
A collection of my writing, musings, and opinion pieces. Please check back for updates!
Ross is available for technical and other writing.
Should you be interested, please get in touch!
Something that bugs me immensely in the quest for privacy and information security is the vast chasm of disconnect between big corporate / enterprise and niche software companies when it comes to data protection. It’s something I tend to notice more and more in that I mostly deal with software companies, start-ups, and managed service providers.
In addition to advisory, I also run training courses around the Protection of Personal Information Act (POPIA). I will be running three public courses in the first week of March, the details of which are broken down below: Staff Awareness Training 2 March,...
In my experience, when most people think about POPIA, the first thing that pops to mind is that they have to consent to their data being processed. Sure, in some cases such as marketing, there needs to be consent. There are, however, other mechanisms that allow a company to legally process data without consent. Section 11(1)a of POPIA lists a number of legitimate justifications for processing data, only one of which is consent.
I’ve posted before about POPIA being more than software or a set of policies, but it occurs to me that I need to get a little more detailed as to what exactly you need to consider when bringing in a consulting firm / software house / cybersecurity provider to handle your compliance. I’m sure this won’t be the last time I’m posting something of this nature, as I am seeing more and more companies offering complete POPIA solutions that seem to be nothing more than extensive marketing budgets and equally extensive assumptions as to the law and its practical implications.
At the core of the Protection of Personal Information Act (POPIA) are 8 conditions (also referred to as principles by a number of practitioners) for the legal processing of personal information. These conditions form the cornerstone of your privacy programme, and any claim of being POPIA ready means that you need to have hit all of them.
There are a number of schools of thought around awareness training when it comes to cybersecurity and privacy, and a number of challenges too. Some attorneys that I have worked with maintain that awareness is only worthwhile after your compliance programme is in place, which I wholeheartedly and respectfully disagree with. Awareness from the ground up can be one of the greatest controls you can have in your business.
There has been a massive outcry about WhatsApp changing their privacy policies and sharing data with Facebook. While there is cause for concern, I don’t believe that it is the end of the world. And, if we take a calm, rational approach to it, we can see that it’s perhaps not a new thing…
In South Africa, we are firmly in the grip of our second wave, with daily identified cases exceeding those of our first round of the virus. During this second wave, I have installed the COVID Alert SA app, South Africa’s contact tracing app (akin to the apps in other parts of the world). This app and those globally have been a hot topic on the privacy, tech, and cyber security fronts, with many very strong opinions in various directions.
Given the sheer volume of messages I’ve received on Facebook Messenger saying “This look like you!” or similar with a video link, I figured I’d put together a post on how to secure your Facebook profile. In a number of cases I’ve seen Facebook blamed, and while I hold no love for the company or their practices, they do make it pretty easy to secure your entire Facebook experience.
While I would not say I’m a germophobe, COVID-19 has certainly made me more aware (and more paranoid) of the sanitisation habits of those around me, and the necessity for handwashing, cleanliness, and distancing. Much like the invisible pandemic, data has a tendency to spread without you realising it, and it is vitally important to have proper habits in place to prevent data oozing out and proliferating everywhere.