Data privacy is simply about the collection and dissemination of information about any entity. It invariably involves technology that is used to collect and disseminate the data, the public’s expectation of privacy (latent or otherwise), and legal and political issues surrounding the data. Notably, the main challenge of data privacy involves the use of data whilst protecting an individual’s identifiable attributes, which has necessitated the institution of various privacy protection laws in different countries.
The fourth industrial revolution has seen the rise of a data economy, with substantial advantages being realised from increased usage of data, with companies such as Facebook and Google being the frontrunners in demonstrating this fact. However, this usage of data, particularly data relating to individuals’ identity and personal preferences, essentially requires a level of trust between the data custodians and individuals from whom the data is collected.
This important fact has made it necessary for companies invested in the data economy to prioritise being well informed and compliant to data protection policies. Governments in different countries have thus instituted laws to this effect. South Africa has been no exception to this. The data protection policies employed by South Africa are discussed in the paragraphs below.
Each company invested in the data economy needs to have regulatory mechanism governing their data protection policies. There should be evidence of legal or regulatory policy to promote data protection of some form, or policy statements have been made that this issue will be addressed in the company’s policy. There should be some form of Terms of Service specifying how the company will explicitly address data protection concerns, with assurances regarding protection of information supplied from loss, misuse, alteration or destruction.
Furtheremore, the policy should clearly specify that the data protection principles apply to all employees and administration who are involved in one way or another in handling the data, as well as any other individuals or entities that may at some point get access to the data. The South African government has put into effect the Protection of Personal Information Act of 2013 (1), which put in effect the constitutional right to privacy, protecting individuals’ personal information that is handled by any responsible party. Each company thus needs to be well informed on the implications of this act and have a clear data protection policy addressing all the items specified by the act.
Data privacy is clearly an issue that cannot be taken lightly, and companies need to ensure that they have all the bases lawfully covered in order to avoid any complications. Privacy forms the basis of freedom and civil liberties. Companies need to carefully reflect on all their policies relating to privacy, and data privacy is certainly no exception.