Ensure POPI compliance by protecting data in motion
The advent of the Protection of Personal Information Act (POPI) means companies need to pay special attention to how they protect data during transmission, according to Craig Freer of Vox Telecom.
“There has been a lot of attention focused on what we call data at rest – information that is stored on servers or in databases,” says Freer. “Most companies of any size now understand that they need to have clear and well-enforced policies about where and how information is stored, who is allowed access to it and how long it can be kept.”
But, he says, “there is a lot less clarity about protecting data in motion. Email, for example, is a notoriously insecure medium which typically provides no audit trail and no safeguards about printing or forwarding it. When a leak of confidential information happens – whether it’s a customer database or a Public Protector’s report – there is no way of identifying or plugging the leak.”
As a result, says Freer, Vox Telecom plans to introduce new products early in 2014 that will help clients protect all their confidential data while it’s most vulnerable – in transit.
“The basic requirements for secure transfer of information is that it should be encrypted, and there must be a full audit trail of its movements, including when, where, how and by whom it was viewed,” he says. “In addition, senders should have to ability to restrict what recipients can do with it – for example by preventing printing, copying or forwarding.”
Ideally, he says, “such a tool will work seamlessly with existing email programmes like Outlook, so employees don’t have to change their workflows to take advantage of increased security.”
Freer says Vox Telecom is currently in the final stages of launching such a product and is said to make an official announcement next week.
For more detail, visit www.voxtelecom.co.za.