A model to assess organisational information privacy maturity against the Protection of Personal Information Act

 


dc.contributor.author Hinde, Charles Christopher en_ZA
dc.date.accessioned 2015-06-30T07:59:45Z
dc.date.available 2015-06-30T07:59:45Z
dc.date.issued 2014 en_ZA
dc.identifier.citation Hinde, C. 2014. A model to assess organisational information privacy maturity against the Protection of Personal Information Act. University of Cape Town. en_ZA
dc.identifier.uri http://hdl.handle.net/11427/13179
dc.description Includes bibliographical references. en_ZA
dc.description.abstract Reports on information security breaches have risen dramatically over the past five years, with 2014 accounting for some high-profile breaches including Goldman Sachs, Boeing, AT&T, eBay, AOL, American Express and Apple, to name a few. One report estimates that 868,045,823 records have been breached from 4,347 data breaches made public since 2005 (Privacy Rights Clearing House, 2013). The theft of laptops, loss of unencrypted USB drives, hackers infiltrating servers, and staff deliberately accessing clients’ personal information are all regularly reported (Park, 2014; Privacy Rights Clearing House, 2013). With the rise of data breaches in the Information Age, the South African government enacted the long-awaited Protection of Personal Information (PoPI) Bill at the end of 2013. While South Africa has lagged behind other countries in adopting privacy legislation (the European Union issued its Data Protection Directive in 1995), South African legislators have had the opportunity to draft a privacy Act that draws on the most effective elements from other legislation around the world. Although PoPI has been enacted, a commencement date has still to be decided upon by the Presidency. On PoPI’s commencement date organisations will have an additional year to comply with its requirements, before which they should: review the eight conditions for the lawful processing of personal information set out in Chapter three of the Act; understand the type of personal information they process; review staff training on mobile technologies and limit access to personal information; ensure laptops and other mobile devices have passwords and are preferably encrypted; look at the physical security of the premises where personal data is stored or processed; and assess any service providers who process information on their behalf.
With the demands PoPI places on organisations, this research aims to develop a prescriptive model providing organisations with the ability to measure their information privacy maturity based on “generally accepted information security practices and procedures” (Protection of Personal Information Act, No. 4 of 2013, sec. 19(3)). Using a design science research methodology, the development process provides three distinct design cycles: 1) conceptual foundation, 2) legal evaluation and 3) organisational evaluation. The end result is the development of a privacy maturity model that allows organisations to measure their current information privacy maturity against the PoPI Act. This research contributes to the knowledge of how PoPI impacts on South African organisations and, in turn, how organisations are able to evaluate their current information privacy maturity in respect of the PoPI Act. The examination and use of global best practices and standards as the foundation for the model, and the integration with the PoPI Act, provide for the development of a unique yet standards-based privacy model aiming to provide practical benefit to South African organisations. en_ZA
dc.language.iso eng en_ZA
dc.subject.other Information Systems en_ZA
dc.title A model to assess organisational information privacy maturity against the Protection of Personal Information Act en_ZA
dc.type Master Thesis
uct.type.publication Research en_ZA
uct.type.resource Thesis en_ZA
dc.publisher.institution University of Cape Town
dc.publisher.faculty Faculty of Commerce en_ZA
dc.publisher.department Department of Information Systems en_ZA
dc.type.qualificationlevel Masters
dc.type.qualificationname MCom en_ZA
uct.type.filetype Text
uct.type.filetype Image
dc.identifier.apacitation Hinde, C. C. (2014). A model to assess organisational information privacy maturity against the Protection of Personal Information Act. (Thesis). University of Cape Town, Faculty of Commerce, Department of Information Systems. Retrieved from http://hdl.handle.net/11427/13179 en_ZA
dc.identifier.chicagocitation Hinde, Charles Christopher. "A model to assess organisational information privacy maturity against the Protection of Personal Information Act." Thesis, University of Cape Town, Faculty of Commerce, Department of Information Systems, 2014. http://hdl.handle.net/11427/13179 en_ZA
dc.identifier.vancouvercitation Hinde CC. A model to assess organisational information privacy maturity against the Protection of Personal Information Act. [Thesis]. University of Cape Town, Faculty of Commerce, Department of Information Systems, 2014 [cited yyyy month dd]. Available from: http://hdl.handle.net/11427/13179 en_ZA
dc.identifier.ris TY - Thesis / Dissertation AU - Hinde, Charles Christopher DA - 2014 DB - OpenUCT DP - University of Cape Town LK - https://open.uct.ac.za PB - University of Cape Town PY - 2014 T1 - A model to assess organisational information privacy maturity against the Protection of Personal Information Act TI - A model to assess organisational information privacy maturity against the Protection of Personal Information Act UR - http://hdl.handle.net/11427/13179 ER - en_ZA

