A model to assess organisational information privacy maturity against the Protection of Personal Information Act

dc.contributor.author: Hinde, Charles Christopher [en_ZA]
dc.date.accessioned: 2015-06-30T07:59:45Z
dc.date.available: 2015-06-30T07:59:45Z
dc.date.issued: 2014 [en_ZA]
dc.description: Includes bibliographical references. [en_ZA]
dc.description.abstract: Reports on information security breaches have risen dramatically over the past five years with 2014 accounting for some high-profile breaches including Goldman Sachs, Boeing, AT&T, EBay, AOL, American Express and Apple to name a few. One report estimates that 868,045,823 records have been breached from 4,347 data breaches made public since 2005 (Privacy Rights Clearing House, 2013). The theft of laptops, loss of unencrypted USB drives, hackers infiltrating servers, and staff deliberately accessing client’s personal information are all regularly reported (Park, 2014; Privacy Rights Clearing House, 2013). With the rise of data breaches in the Information Age, the South African government enacted the long awaited Protection of Personal Information (PoPI) Bill at the end of 2013. While South Africa has lagged behind other countries in adopting privacy legislation (the European Union issued their Data Protection Directive in 1995), South African legislators have had the opportunity to draft a privacy Act that draws on the most effective elements from other legislation around the world. Although PoPI has been enacted, a commencement date has still to be decided upon by the Presidency. On PoPI’s commencement date organisations will have an additional year to comply with its requirements, before which they should: review the eight conditions for the lawful processing of personal information set out in Chapter three of the Act; understand the type of personal information they process; review staff training on mobile technologies and limit access to personal information; ensure laptops and other mobile devices have passwords and are preferably encrypted; look at the physical security of the premises where personal data is stored or processed; and, assess any service providers who process information on their behalf.
With the demands PoPI places on organisations this research aims to develop a prescriptive model providing organisations with the ability to measure their information privacy maturity based on “generally accepted information security practices and procedures” (Protection of Personal Information Act, No.4 of 2013, sec. 19(3)). Using a design science research methodology, the development process provides three distinct design cycles: 1) conceptual foundation, 2) legal evaluation and 3) organisational evaluation. The end result is the development of a privacy maturity model that allows organisations to measure their current information privacy maturity against the PoPI Act. This research contributes to the knowledge of how PoPI impacts on South African organisations, and in turn, how organisations are able to evaluate their current information privacy maturity in respect of the PoPI Act. The examination and use of global best practices and standards as the foundation for the model, and the integration with the PoPI Act, provides for the development of a unique yet standards-based privacy model aiming to provide practical benefit to South African organisations. [en_ZA]
dc.identifier.apacitation: Hinde, C. C. (2014). A model to assess organisational information privacy maturity against the Protection of Personal Information Act. (Thesis). University of Cape Town, Faculty of Commerce, Department of Information Systems. Retrieved from http://hdl.handle.net/11427/13179 [en_ZA]
dc.identifier.chicagocitation: Hinde, Charles Christopher. "A model to assess organisational information privacy maturity against the Protection of Personal Information Act." Thesis., University of Cape Town, Faculty of Commerce, Department of Information Systems, 2014. http://hdl.handle.net/11427/13179 [en_ZA]
dc.identifier.citation: Hinde, C. 2014. A model to assess organisational information privacy maturity against the Protection of Personal Information Act. University of Cape Town. [en_ZA]
dc.identifier.ris: [en_ZA]
TY - Thesis / Dissertation
AU - Hinde, Charles Christopher
DA - 2014
DB - OpenUCT
DP - University of Cape Town
LK - https://open.uct.ac.za
PB - University of Cape Town
PY - 2014
T1 - A model to assess organisational information privacy maturity against the Protection of Personal Information Act
TI - A model to assess organisational information privacy maturity against the Protection of Personal Information Act
UR - http://hdl.handle.net/11427/13179
ER -
dc.identifier.uri: http://hdl.handle.net/11427/13179
dc.identifier.vancouvercitation: Hinde CC. A model to assess organisational information privacy maturity against the Protection of Personal Information Act. [Thesis]. University of Cape Town, Faculty of Commerce, Department of Information Systems, 2014 [cited yyyy month dd]. Available from: http://hdl.handle.net/11427/13179 [en_ZA]
dc.language.iso: eng [en_ZA]
dc.publisher.department: Department of Information Systems [en_ZA]
dc.publisher.faculty: Faculty of Commerce [en_ZA]
dc.publisher.institution: University of Cape Town
dc.subject.other: Information Systems [en_ZA]
dc.title: A model to assess organisational information privacy maturity against the Protection of Personal Information Act [en_ZA]
dc.type: Master Thesis
dc.type.qualificationlevel: Masters
dc.type.qualificationname: MCom [en_ZA]
uct.type.filetype: Text
uct.type.filetype: Image
uct.type.publication: Research [en_ZA]
uct.type.resource: Thesis [en_ZA]
Files
Original bundle
Name: thesis_com_2014_hinde_c (1).pdf
Size: 1.52 MB
Format: Adobe Portable Document Format