The responsible person (RP) must ensure the integrity of personal information (PI) in its possession or under its control (19).
What does ‘integrity’ mean?
POPI does not define it. It can mean, inter alia, ‘perfect condition’, ‘whole or complete’.
Webopedia refers to it as ‘the validity of data’ and states that data integrity can be compromised in a number of ways, i.e.:
- Human errors when data is entered
- Errors that occur when data is transmitted from one computer to another
- Software bugs or viruses
- Hardware malfunctions, such as disk crashes
- Natural disasters, such as fires and floods
It suggests that such compromise can be minimised as follows:
- Backing up data regularly
- Controlling access to data via security mechanisms
- Designing user interfaces that prevent the input of invalid data
- Using error detection and correction software when transmitting data
POPI requires the RP to take ‘appropriate, reasonable technical and organisational measures’ – see ‘minimise’ above.
Such ‘measures’ must prevent:
- ‘loss of, damage to or unauthorised destruction of PI’; and
- ‘unlawful access to or processing of PI’
Such ‘measures’ must endeavour to:
- identify ‘all reasonably foreseeable internal and external risks’
- ‘establish and maintain safeguards against such risks’
- ‘regularly verify that these safeguards are effectively implemented’
- ‘ensure such safeguards are regularly updated’ given ‘new risks and deficiencies’
Compliance standard: RP must have ‘due regard’ to ‘generally accepted information security practices’ applicable to it generally or ‘specific industry or professional rules and regulations’.
From Louis the Lawyer – POPI