Personal Information Data Discovery Risk Assessment

Data protection is an important aspect of the protection of an individual’s right to privacy. Both the common law in South Africa and the Constitution recognise a right to privacy, but that right is limited in certain circumstances and does not provide “an adequate level of protection” of personal information in terms of prevailing international standards.

The Protection of Personal Information Act provides for comprehensive regulation of all aspects of the collection, use, disclosure, storage of and access to personal information. The implications of the Act are extremely wide-ranging in all areas but especially in the context of employees, potential and former employees and most importantly customers.

An important new requirement in the Act that employers need to be aware of is that all organizations will be required to notify the Information Protection Commission (the new body to be established, which will be responsible for monitoring and enforcing compliance with the Act) of certain details. These include the organization’s name and address, the purposes for which personal information may be processed, a description of the categories of data subjects, the categories of recipients to whom information may be supplied, any planned cross-border transfers of information, and a general description of the security measures in place to safeguard the confidentiality, integrity and availability of the information. The contents of the notification will need to be carefully drafted to ensure that all potential processing of personal information by an employer is covered.

Understanding where personal information is located is the foundation of a sound framework for assessing the governance and compliance risks associated with the Protection of Personal Information Act. Data discovery is therefore a critical component of risk mitigation in complying with the Act. Attention has to be paid to discovering data on laptops and other endpoint devices, as well as within the data center’s applications, file stores and databases. It is critical to identify where all the personal information is within the enterprise. In doing so, an organization can manage the scope and risk exposure related to processing personal information through its infrastructure.

Discover personal information and company IP:

Private Protocol offers customers a personal information discovery risk assessment service, which allows them to investigate and understand the full effect and scope of personal information within their organization in accordance with the Act.

The non-intrusive engagement discovers the extent of the stored and processed personal information within the organization. Afterwards, the organization will have a better understanding of where all personal information is found and how it is processed through the organization. This will enable risk management and the business to undertake the necessary risk mitigation processes to comply with the Act.

At the end of the engagement, a comprehensive report detailing all the locations of personal information within the organization's infrastructure is delivered, along with recommendations and action points.

The following data is included in reports:

Location, machine name, directory and/or share name, file name, database name (table, column, field), data types.

Report Types:

Executive Summary, Data Location Reports, Incident Reports, Top Shares, High-Risk Locations

Private Protocol strives to deliver innovative data protection solutions and services to assist customers in protecting their data assets.