Search results

This paper aims to assess the Protection of Personal Information Act (No. 4 of 2013) (POPIA) in South African (SA) universities sector with the objective to formulate code of conduct to improve compliance.

The case study approach was used in this study. Data were collected using interviews with the SA universities’ representatives during the POPIA consultative workshop.

The results showed that most of the participants were not aware of the POPIA, lack of collaboration between the legal practitioners, records managers and archivist. Internal control systems with Information Communication Technology (ICT) need to be in in place to provide information integrity and the value of international integrity with regard to the international students and staff.

This paper is based on the first phase of the national consultative workshop with 25 SA public universities held between January and November 2018. The findings of the study are transferable to other sectors like health and infrastructure.

The findings are expected to be instrumental to the formulation of universities’ code of conduct in line with POPIA.

The POPIA, if not properly implemented, can contribute to the violation of information integrity of the international students with regard to research and cultural exchange programme. Furthermore, it can affect SA trade relations with the European countries as it is a requirement for non- European countries to comply with the European Union General Data Protection Regulations (GDPR).

This study is useful to ensure consultation of the POPIA. Is also essential for the POPIA to be aligned with the international norms and standards such as GDPR.

The purpose of this study was to investigate the difference between South Africa (SA) and the United Kingdom (UK) in terms of data protection compliance with the aim to establish if a country that has had data protection in place for a longer period of time has a higher level of compliance with data protection requirements in comparison with a country that is preparing for compliance.

An insurance industry multi-case study within the online insurance services environment was conducted. Personal information of four newly created consumer profiles was deposited to 10 random insurance organisation websites in each country to evaluate a number of data privacy requirements of the Data Protection Act and Protection of Personal Information Act.

The results demonstrate that not all the insurance organisations honored the selected opt-out preference for receiving direct marketing material. This was evident in direct marketing material that was sent from the insurance organisations in the sample to both the SA and UK consumer profiles who opted out for it. A total of 42 unsolicited third-party contacts were received by the SA consumer profiles, whereas the UK consumer profiles did not receive any third-party direct marketing. It was also found that the minimality principle is not always met by both SA and UK organisations.

As a jurisdiction with a heavy stance towards privacy implementation and regulation, it was found that the UK is more compliant than SA in terms of implementation of the evaluated data protection requirements included in the scope of this study, however not fully compliant.

Based upon the results obtained from this research, it suggests that the SA insurance organisations should ensure that the non-compliance aspects relating to direct marketing and sharing data with third parties are addressed. SA insurance companies should learn from the manner in which the UK insurance organisations implement these privacy requirements. Furthermore, the UK insurance organisations should focus on improved compliance for direct marking and the minimality principle. The study indicates the positive role that data protection legislation plays in a county like the UK, with a more mature stance toward compliance with data protection legislation.

This paper aims to propose an information privacy culture index framework (IPCIF) with a validated information privacy culture index instrument (IPCII) to measure information privacy culture across nations. The framework is based on consumers’ privacy expectations, their actual experiences when organisations process their personal information and their general privacy concerns.

A survey method was deployed to collect data in South Africa – the first participating country in the study – to start building a global information privacy culture index (IPCI) and to validate the questionnaire.

The IPCI revealed that there seems to be a disconnect between what consumers expect in terms of privacy and the way in which organisations are honouring (or failing to honour) those expectations, which results in a breach of trust and the social contract being violated.

Governments, information regulators and organisations can leverage the results of the privacy culture index to implement corrective actions and controls aimed at addressing the gaps identified from a consumer and compliance perspective. The validated IPCII can be used by both academia and industry to measure the information privacy culture of an institution, organisation or country to identify what to improve to address consumer privacy expectations and concerns.

The IPCIF and validated IPCII are the first tools that combine the concepts of consumer expectations and their confidence levels in whether organisations are meeting their privacy expectations, which are in line with the fair information practice principles and the privacy guidelines of the Organisation for Economic Cooperation and Development, to determine gaps and define improvement plans.

This study aims to conduct a survey in a bank to measure the perception of employees towards the effective governance of information privacy and at the same time validating the information privacy governance questionnaire (IPGQ) used in this study.

A quantitative research approach was followed using an online survey questionnaire to collect data in a bank in South Africa.

The survey results showed that employees perceived the governance of privacy in the organisation in a positive way. Three significant differences were identified, namely, Generation-Y being significantly more positive than Generation-X regarding privacy control assessment. Also, that the contractor/vendor group was significantly more positive than permanent employees regarding organisational commitment and privacy control assessment. Exploratory factor analysis was used to validate the IPGQ and four factors were identified: privacy control assessment, personal information awareness assessment, privacy governance reporting and organisational commitment towards privacy. Cronbach’s alpha was used to establish the internal reliability of the factors and indicated good internal consistency.

One of the potential empirical research limitations for this study is that the study was conducted in a single organisation; therefore, when generalising the results, caution must be taken.

Organisations, academics and the industry may find the questionnaire useful to determine employee perception towards privacy governance and to identify recommendations that could be used to improve their privacy policies, privacy programme controls and organisational commitment towards privacy. In this study, it was identified that for Generation-X employees to be more accepting towards the privacy controls, the organisation needs to implement focussed awareness training for them. To ensure permanent employees’ commitment and accountability, internal audits, monitoring and risk assessment measures need to be implemented. These can be directed through the outcomes of the survey.

The IPGQ can aid organisations in determining if they are governing privacy effectively, and thus assist them in meeting the accountability condition of data protection regulation.

The purpose of this study was to investigate the state of appraisal with regard to compliance with archives and records management legislations (ARML), the archives and records management policy (ARMP), reappraisal of records, capacity building, archives building and electronic records management (ERM) and to make a recommendation based on the research findings.

This study was based on the qualitative research technique. The research approach was a multiple case study comparing the previously advantaged and disadvantaged universities in South Africa.

The study found that ARML, ARMP, reappraisal of records and capacity building are essential for the appraisal of university records. The lack of appropriate appraisal theory/strategy led to a loss of institutional memory.

This research was limited to the University of the Witwatersrand (WITS) and the University of Venda (UNIVEN). These two institutions are representatives of the state of archiving in South Africa.

This research will serve a benchmark for other South African universities, intending to implement systematic disposal of records in compliance with legislations and policies.

Failure by universities to appraise records will lead to the loss of institutional memory. This implies that history of institution will be lost if necessary measures are not taken.

There is very little, if any, research on the appraisal of South African universities’ records. The outcome of this research will benefit universities that are seeking to develop and implement appraisal strategies.

The purpose of this study is to assess the appraisal of records at the University of Witwatersrand and the University of Venda. Furthermore, the study intends to recommend appraisal of records to recognize African culture, reviewing records management policy to include an element on the appraisal of records, raise awareness on the appraisal of records, capacity building and develop electronic records management strategy to appraise records.

This study is based on the qualitative research technique. The research approach is a multiple case study comparing the previously advantaged and disadvantaged universities in South Africa.

The study found that archives and records management legislation, archives and records management policy, re-appraisal of records, capacity building are essential for the appraisal of university records. Lack of appropriate appraisal theory and strategy by the University of Witwatersrand and the University of Venda leads to a loss of institutional memory.

This research is limited to the University of Witwatersrand and the University of Venda. These two institutions are a sample of the state of archiving in South Africa.

There is very little, if any, research on the appraisal of South African universities' records. The outcome of this research will benefit universities that are seeking to develop and implement appraisal strategies.

The General Data Protection Regulation (GDPR) introduces significant data protection obligations on all organizations within the European Union (EU) and those transacting with EU citizens. This paper presents the GDPR privacy label and uses two empirical studies to examine the effectiveness of this approach in influencing consumers' privacy perceptions and related behavioral intentions.

The paper tests the efficacy of two GDPR privacy label designs, a consent-based label and a static label. Study 1 examines the effects of each label on perceptions of risk, control and privacy. Study 2 investigates the influence of consumers' privacy perceptions on perceived trustworthiness and willingness to interact with the organization.

The findings support the potential of GDPR privacy labels for positively influencing perceptions of risk, control, privacy and trustworthiness and enhancing consumers' willingness to transact and disclose data to online organizations.

The findings are useful for organizations required to comply with the GDPR and present a solution to requirements for transparent communications and explicit consent.

This study examines and demonstrates the efficacy of visualized privacy policies in impacting consumer privacy perceptions and behavioral intentions.

The purpose of this paper is to investigate a framework for management of digital records on the cloud in South Africa.

This qualitative case study used semi-structured interviews and document analysis to collect data from regulatory documents, records practitioners and chief information officers in the national government departments in South Africa.

This study reveals that despite the advent of cloud computing, government is still struggling with manual paper-based records challenges, as they have not developed a government-owned cloud in which to manage and dispose records.

Technological advancements have brought about dramatic changes to the management and disposition of records since cloud computing emerged. The traction gained by cloud computing influences how records are managed and disposed in the cloud storage. Currently, the South African Government manages and disposes records in the government premises as stipulated by the National Archives and Records Service of South Africa Act (1996). This is enforced by the National Archives and Records Service of South Africa, which is the government records regulator because records are on paper-based, microfilms and audio-visual formats. It is hoped that the recommendations and framework proposed in this study may assist the government and related sectors in the adoption and implementation of the cloud computing system for records management and disposal. This may assist in resolving challenges such as missing files, damaged records and archives and long turnaround time for retrieval of records.

In South Africa, the digital records are securely stored in storage mediums such as hard drives and USBs, to mention but a few. In addition to digital obsolescence faced by the storage mediums, global access to information is hindered because information is limited to those who can visit the archival holdings. The alternative option is to manage and dispose of records in the cloud. The framework and recommendations in this study may also assist in improving information, archives and records management policies and service delivery to the community at large. The framework proposed may be applied as a theory for framing future studies in the same area of cloud computing and used as a resource to guide other future studies and policymakers.

This study provides a framework for management of digital records on the cloud in South Africa. It also proposes the promulgation of the Cloud Act to promote unlimited access to state heritage, regardless of time and location. This study is framed on the Digital Curation Centre Life Cycle Model.

This study sought to investigate a framework for ensuring the confidentiality and security of information at the public health-care facilities to curb HIV/AIDS trauma among patients in Africa. In most instances, trauma to HIV/AIDS patients accelerate because of their personal information relating to the state of illness leaks to public people.

This qualitative study used literature to study confidentiality and security of information at the public health-care facilities to curb HIV/AIDS trauma among patients in Africa.

The study revealed that confidentiality and security of information has been neglected, in most instances, at the health-care facilities, and this has, to some extent, affected HIV/AIDS patients negatively, leading to trauma, stigma and skipping of treatment by patients resulting in accelerated mortality among chronic patients. The study recommends that patients’ information be always strictly controlled and kept confidential and secured at all the times, especially that of HIV/AIDS patients.

The proposed framework can be used by health-care facilities to guide the management and promotion of the confidentiality and security of information in the public health-care facilities to curb additional trauma to HIV/AIDS patients in the context of Africa, and even beyond.

The study provides a framework to ensure the confidentiality and security of information at the public health-care facilities to curb additional trauma to HIV/AIDS patients.