POPI should prompt a serious mobile security rethink for SA companies

lock-security

lock-security

Over the past three decades legislatures across the world have been trying to update their legal systems to address growing concerns around how our private information is being used once handed over to companies in both the public and private sectors.

Looking back, this first began with an article published in the Harvard Law Review by two men who later became pillars of the US legal system, Warren and Brandeis. They wrote “The Right to Privacy” in December of 1890 protesting what was then “New Technology”; the printing press had birthed its first tabloid magazine and with it the lives and photographs of private citizens were laid bare for all to see.

Fast forward a century or so and the introduction of the Protection of Personal Information Act (POPI) is driven by the same motivation, the protection of personal customer information held by organisations.

Naturally this is prompting South African businesses to re-evaluate how they store and process customer information and mobile data is by no means exempt. Today smartphones and tablet allow us to retrieve, store and process custodial information in our day to day jobs to be able to better serve our customers, better compete and better generate revenue and with that comes the onus the treat this information responsibly and protect it from loss or theft. In the same way that a bank is held accountable to its customers for the money it stores, POPI aims to hold organizations accountable for the mismanagement of custodial information.

Because we tend to overlook mobility in enterprise as a company peripheral it has grown to represent one of the weakest potential points in many large organisations’ information security infrastructures. Enterprises need to strengthen their mobile security posture if they are to align themselves with POPI’s requirements. This means they need to put strong processes in place to prevent accidental or deliberate data leakages as well as to prevent malware infections.

Mobile devices are today central to business processes. Most large organisations have sales and service staff as well as executives in the field carrying a wealth of personally identifiable information about customers’ on their devices. These mobile devices can also often be used to access a range of customer data stored on company servers. Yet this area has not received enough attention from CIOs and IT managers as they rush to meet POPI’s demands.

In practice, this means organisations should make sure they have security frameworks and solutions that allow for end-to-end control over how data on mobile devices is managed at rest and in transit. These security procedures ideally need to be auditable so that the organisation can demonstrate compliance while critically not affecting the advantages that mobility brings. So in short, security and compliance should not come at the expense of the bottom line or the user experience for that matter.

Mobile security that complies with POPI is going to be especially challenging for organisations who have embraced the “Bring Your Own Device” (BYOD) philosophy. The mix of devices in use in their workforces – many of them consumer smartphones and tablets not designed to enterprise security standards – makes such organisations vulnerable to loss or theft of customer data. With this in mind, companies with BYOD policies need to start looking to implement multiplatform MDM as a matter of urgency.

Take time to develop and implement a formal EMM strategy for your organization, POPI has sharp teeth for enforcement – companies that do not meet its requirements face stiff penalties including large fines and reputational damage. At a more fundamental level we all have an almost integral responsibility to protect individual privacy and for many we do not need laws to point out what the Universal Declaration on Human Rights considers one of its pillars next to freedom and equality.

More

News

Sign up to our newsletter to get the latest in digital insights. sign up

Welcome to Memeburn

Sign up to our newsletter to get the latest in digital insights.