Protection of Personal Information (PPI) and SharePoint – Part 1 of 2

-
The Protection of Personal information bill (the bill) has been getting a lot of attention lately, currently it’s a bill that is not yet enforced, but that is set to happen this year.


Organisations are expected to take reasonable steps NOW to ensure that they are compliant when this bill becomes law. So lots of seminars and training sessions are now becoming available to educate you on what the bill is all about and what “reasonable” steps can be taken in order for you to be compliant.




So what is this bill all about?

The bill regulates the collection, storage and distribution of personal information by both private and public bodies. It is based on world standards and is regarded as leading practice baseline for effective data privacy regulation around the world. The bill aims to provide an acceptable balance between the right to privacy and the legitimate need to use personal information.

Personal information is regarded as any information related to a person from first name to sexual orientation. He bill has eight core principles which form the minimal conditions for the lawful processing of personal information. The eight principles are:

Accountability: The party holding the personal information is responsible for the information and must follow the principles defined in the bill

Processing Limitations: Personal information must be collected directly from the data subject, with the data subjects consent.

Purpose Specification: Personal information must be collected for a specific, well defined and legitimate purpose. The data subject should be aware of the purpose for which the information is collected, and who the likely recipients of the information will be.

Further processing limitations: Personal information may not be processed further in a way that is incompatible with the purpose for which the information was collected initially.

Information Quality: The person or party that determines the purpose and means for processing personal information should ensure that the information is complete, up to date and accurate.

Openness personal: Personal information may only be collected if the Information Protection Commission was notified. Also, where personal information of a data subject is collected, the person or institution responsible for such collection must ensure that the data subject is aware of:
  • The fact that the information is being collected;
  • The name and address of the person or institution collecting the information;
  • Whether or not the supply of the information by that data subject is voluntary or mandatory and the consequences of failure to reply ;and
  • Where the collection of information is authorised or required under any law, the particular law to which the collection is subject.
Data Subject Participation: A data subject is entitled to the particulars of his or her personal information held by any institution or person, as well as to the identity of any person that had access to his or her personal information. The data subject is also entitled to require the correction of any information held by another party.

Security Safeguards: The Bill requires the implementation of technical and organisational measures to secure the integrity of personal information, and to guard against the risk of loss, damage or destruction of personal information. Also, personal information should also be protected against any unauthorised or unlawful access or processing.

That’s the main overview, the bill also mentions the processing of “special personal information” (i.e. religious or philosophical beliefs, race or ethnic origin, trade union membership, political opinions, health, sexual life, or criminal behaviour) which is basically prohibited for collection, storage and distribution.

Now since you understand what PPI is all about, let’s look at how SharePoint can help (in Part 2).

Reference
http://www.deloitte.com/view/en_ZA/za/services/audit/6a0f1f10c23c3210VgnVCM200000bb42f00aRCRD.htm

http://www.law24.com/understand-your-legal-issue/legal-articles/index.html?domid=/slucb/ulucb/5lucb/zv7nb/0musb/dp2sb&id=


Comments

Post a Comment

Popular posts from this blog

Why there is a shortage of SharePoint experts

-
Image
Microsoft has been very successful to promoting their SharePoint product, even though SharePoint has been around for a while, there 2007 and now 2010 version is something every organisation wants. With Microsoft practically giving away SharePoint licenses to organisations via EA agreements – we are reaching a very unique and rather unexpected situation where the demand for SharePoint developers is surpassing the demand for Web developers. This shift in demand are forcing IT departments and Web Development companies to reduce the size of the web development teams and increase the size of their SharePoint team, in other words, take staff originally hired for web development and get them into SharePoint development. This is currently the "normal" approach in getting SharePoint experts, many IT Recruitment companies still don’t understand this shift in demand, and are not yet focusing in the SharePoint space, some recruiting companies haven’t even heard of SharePoint and
Read more

Don’t use SharePoint 2010’s mobile view for internet presence sites

-
Image
SharePoint offers a lot; it’s a platform that provides BI, ECM, Search, collaboration and a lot more including WCM.  It’s the Web Content Management (WCM) component that makes it’s a great platform for internet presence sites and with the more appealing pricing structure available for internet presence, it is becoming the preferred choice to internet deployment. Without any effort from the SharePoint deployment team, SharePoint provides a “mobile friendly” view of the site been created.  In theory, this sounds great, this means that we can create a SharePoint site, apply a nice appealing brand to it (it is an internet site, so the look is important), spend some time on the structure the content so information can be easily found (very important for internet sites), configure search correctly and then fill the site with information and images knowing that it will automatically work out the best way to display this information on mobile devices, right?   WRONG! SharePoint offers
Read more

The move from Technical Expert to Manager

-
Image
Let me start of by explaining how things were before I became a Manager. I worked my way to a Senior ASP.NET developer with a decent amount of SharePoint exposure; it only took me 7 years. And in those 7 years I was usually poorly managed; • scope was poorly defined and not managed • no clear plan was in place or plan omitted crucial steps • timeframes were unrealistic • no quality checks were in place (faults were discovered during client demo's) • clients expectations were not managed • communications were poor • processes were not followed • resource allocation was poor (I once requested a .NET developer and my Manager believed he solved the problem when he got me a junior network administrator who knew a little HTML) • poor risk management In many cases I had reached a point where I had very little faith (or respect) for my manager that I insist that they present me with the requirements and leave me alone so I can “do my magic”, this involv
Read more