Companies have ID 'responsibility'

2013-08-26 12:00
Spam has increased slightly, research by a security firm has found. (Duncan Alfreds, News24)

Spam has increased slightly, research by a security firm has found. (Duncan Alfreds, News24)

Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

Cape Town - Companies are required to take care of personal information by ensuring that it is stored in a secure environment, a security expert has said.

"The possession of personal information, including ID, of an individual by any organisation needs to have been processed with integrity and must be managed and protected with the necessary levels of security that this information deserves," Dawid Jacobs, head of the Independent Identity Verification Department at Forensics4Africa told News24.

The company, a division of Strategic Investigations and Seminars, specialises in forensic science, investigation and risk management.

The reality in South Africa is that personal information is not often securely held in secure servers.

The City of Johannesburg's data was recently breached and MyBroadband reported that a flaw allowed any users with an internet connection to see personally identifiable information.

Personal data

Jacobs said that companies or organisations have the responsibility to ensure data integrity.

"This requires the implementation of specific policies and procedures and checks and balances to ensure that those tasked with the custody of the information are firstly aware of the importance of protecting this vital information and secondly is legally restrained from using this information for own or any other gain."

The Protection of Personal Information (Popi) bill is slated to become law in 2013 and it is expected to severely curtail the way that organisations handle personal data.

"Popi has been in the pipeline for about 12 years. Although we have laws for breach of privacy, no-one has really taken the money or the time to litigate around that," Sylvia Papadopoulos, lecturer in the Department of Mercantile, Cyber Law at University of Pretoria told News24.

Online identities could be used to steal money from a users account and Media24 CEO Esmaré Weideman recently lost thousands in an apparent SIM swop scam.

The banking sector said that often, the weakest link in the chain protecting against the theft of personal information is the user's smartphone.

"The problem ends up being with the user themselves. We've got these apps sitting on your mobile phone or your computer, but it's out of the banks' control in terms of where you go and what else you do," said Kalyani Pillay, CEO of the South African Banking Risk Information Centre (Sabric).

Secure environment

Forensics4Africa has patented an Independent Identity Verification process where IDs are stored on a server without direct internet access.

Jacobs said that one of the best ways to prevent identity theft is to ensure that IDs are stored in a secure environment where transactions can be verified.

"Thus one of the best ways to protect an individual’s ID is to have it securely stored by a private company and prevent ID theft by verifying the ID before any transaction such as the signing of a debit order or the purchasing of goods on hire purchase."

- Follow Duncan on Twitter
Read more on:    e-commerce  |  online privacy  |  cybercrime
NEXT ON NEWS24X publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
Comments have been closed for this article.

Inside News24

Traffic Alerts
There are new stories on the homepage. Click here to see them.


Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire network.