A framework and model of operation for electronic personal information to achieve and maintain compliance with Condition 7 of the Protection of Personal Information (POPI) Act

Show simple item record

dc.contributor.advisor Venter, Hein S.
dc.contributor.postgraduate Dala, Prittish
dc.date.accessioned 2017-08-04T08:57:31Z
dc.date.available 2017-08-04T08:57:31Z
dc.date.created 2017-09-08
dc.date.issued 2017
dc.description Thesis (PhD)--University of Pretoria, 2017. en_ZA
dc.description.abstract Privacy entails controlling the use and access to place, location and personal information. In South Africa, the first privacy legislation in the form of the Protection of Personal Information (POPI) Act (Act 4 of 2013) was signed into law on 26 November 2013. The POPI Act promotes the protection of personal information by South African institutions and specifies the minimum requirements in 12 Chapters, which includes 8 Conditions for lawful processing of personal information. Condition 7 of the POPI Act makes specific provision for security safeguards to ensure the confidentiality and integrity of personal information. While the legislative requirements of Condition 7 of the POPI Act are spelt out in Sections 19, 20, 21 and 22, the requirements are not supported by specific guidance in terms of how these should be satisfied. There is also no specific guidance on the security safeguards, as required in Section 19, to ensure the confidentiality and integrity of personal information. Hence, this thesis - which focuses on electronic personal information - proposes a framework that includes a selection of security safeguards that may serve as a frame of reference and be used by South African institutions that store, process and transmit electronic personal information, to achieve and maintain compliance with Condition 7 of the POPI Act. As part of this study, a POPI research survey is used to assess the current state of security safeguards in South African institutions and to validate the selection of security safeguards of the proposed framework. In addition, a model of operation of security safeguards is proposed to guide one on how the selection of security safeguards should be implemented to achieve and maintain confidentiality and integrity of electronic personal information as required by Condition 7 of the POPI Act. Furthermore, this thesis explores the concept and principles of privacy as well as the importance of privacy and provides an overview of the global privacy legislative landscape, including South African privacy legislation. An analysis is also conducted to assess the extent to which the privacy legislation of the European Union (EU) and South Africa addresses the international 2013 Organisation for Economic Co-operation and Development (OECD) guidelines. The POPI research survey is also used to assess the level of compliance with the POPI Act and specifically Condition 7 of the Act. In addition, the POPI research survey is used to assess the financial value associated with electronic personal information and the potential impact of a data breach of electronic personal information. en_ZA
dc.description.availability Unrestricted en_ZA
dc.description.degree PhD en_ZA
dc.description.department Computer Science en_ZA
dc.identifier.citation Dala, P 2017, A framework and model of operation for electronic personal information to achieve and maintain compliance with Condition 7 of the Protection of Personal Information (POPI) Act, PhD Thesis, University of Pretoria, Pretoria, viewed yymmdd <http://hdl.handle.net/2263/61578> en_ZA
dc.identifier.other S2017 en_ZA
dc.identifier.uri http://hdl.handle.net/2263/61578
dc.language.iso en en_ZA
dc.publisher University of Pretoria
dc.rights © 2017 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria.
dc.subject POPI Act en_ZA
dc.subject Protection of Personal Information en_ZA
dc.subject Information Security en_ZA
dc.subject Security Safeguards en_ZA
dc.subject Compliance en_ZA
dc.subject UCTD
dc.title A framework and model of operation for electronic personal information to achieve and maintain compliance with Condition 7 of the Protection of Personal Information (POPI) Act en_ZA
dc.type Thesis en_ZA


Files in this item

This item appears in the following Collection(s)

Show simple item record