
The POPI Act – what’s next?

By: PaySpace

The global COVID-19 pandemic, which has seen workforces around the world working from home, has introduced another dynamic. Scams and security breaches are steadily increasing as employees go about their work remotely.

“People are more comfortable at home and tend to let their guard down,” says Stuart Oberholzer, Information Security Compliance Manager at PaySpace, a leader in payroll and human capital management software. “There has been a steep increase in phishing attacks globally, for example, because in their own environment, people are more likely to click on dubious links in emails and suchlike.”

“Ransomware and web-based attacks are on the rise too. People who are scared of getting the virus are eager to find out the latest information on the pandemic, and are being exploited by clever cyber criminals, who use links pretending to offer new information to lure them into visiting websites, potentially exposing them to a number of external threats.”

He says to bear in mind that companies can have the best security tools and solutions in place, but humans remain the weakest link in any organisation’s security armour.

According to Oberholzer, this is a growing concern, as the Protection of Personal Information Act (POPIA) is finally here. “The act outlines the ways in which businesses need to protect personal data from any security incident or compromise, particularly in the case of data breaches and data theft.”

He says that, as with all organisations in South Africa, PaySpace needs to comply with the POPI Act by 1 July 2021. “However, because we take the privacy of all personal data extremely seriously, we have put a range of controls in place that ensure we are already in compliance with the POPI Act.”

All PaySpace systems have been aligned with the latest international privacy standard (ISO 27701) to make sure the company meets international best practices when it comes to data privacy. This ensures PaySpace is fully compliant with other international data protection regulations too, such as Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

“This new ISO standard is focused specifically on data privacy and is essentially an add-on to our existing ISO 27001 certification. Aligning ourselves with this best practice enables PaySpace to conduct business with any company around the world, while offering customers assurance that data privacy is maintained.”

In addition, Oberholzer says PaySpace has established two policies, a privacy policy and a data handling policy, which outline how data needs to be treated and handled at PaySpace. “We do not have to change the way we work in order to comply with POPIA. For PaySpace, it is business as usual. We will continue to maintain the highest standards that we have set for ourselves when it comes to protecting our customers’ data.”

When working with the PaySpace team, customers are assured that security is a top priority. “We run regular phishing tests with our teams, as well as send out regular emails to keep our customers informed about what is trending. Our team has an excellent focus and solid thought processes around security and data privacy, from beginning to the end.”

Oberholzer says when developing PaySpace, security was the number one consideration, and was built in from the ground up. “We significantly reduce any threats by focusing on all aspects of data security, to minimize the risks as much as possible.”

In addition, PaySpace has educated its entire staff about the threat landscape, and they are trained to identify suspicious activity, for example, and flag it as a potential danger. “Our solution is highly secure. We ensure all data is encrypted to the highest standards, whether the data is at rest or in motion. We follow all industry best practices, to harden our security posture, and guarantee maximum data security.”

Speaking of the safeguards the company has in terms of POPIA, he says the Act is based on eight principles – Accountability; Processing Limitation; Purpose Specification; Further Processing Limitation; Information Quality; Openness; Security Safeguards; and Data Subject Participation. “Our entire solution was designed with these eight principles in mind.”

He says that because PaySpace is a cloud-based solution, customers can manage their own data too. “At any time, PaySpace users are able to access and, if need be, correct their details, ensuring their information is always accurate.”

The bottom line? “At PaySpace, we take your data security and privacy extremely seriously,” he concludes.



