Search results

1 – 10 of 14
To view the access options for this content please click here
Article
Publication date: 30 July 2019

Nkholedzeni Sidney Netshakhuma

This paper aims to assess the Protection of Personal Information Act (No. 4 of 2013) (POPIA) in South African (SA) universities sector with the objective to formulate code…

Abstract

Purpose

This paper aims to assess the Protection of Personal Information Act (No. 4 of 2013) (POPIA) in South African (SA) universities sector with the objective to formulate code of conduct to improve compliance.

Design/methodology/approach

The case study approach was used in this study. Data were collected using interviews with the SA universities’ representatives during the POPIA consultative workshop.

Findings

The results showed that most of the participants were not aware of the POPIA, lack of collaboration between the legal practitioners, records managers and archivist. Internal control systems with Information Communication Technology (ICT) need to be in in place to provide information integrity and the value of international integrity with regard to the international students and staff.

Research limitations/implications

This paper is based on the first phase of the national consultative workshop with 25 SA public universities held between January and November 2018. The findings of the study are transferable to other sectors like health and infrastructure.

Practical implications

The findings are expected to be instrumental to the formulation of universities’ code of conduct in line with POPIA.

Social implications

The POPIA, if not properly implemented, can contribute to the violation of information integrity of the international students with regard to research and cultural exchange programme. Furthermore, it can affect SA trade relations with the European countries as it is a requirement for non- European countries to comply with the European Union General Data Protection Regulations (GDPR).

Originality/value

This study is useful to ensure consultation of the POPIA. Is also essential for the POPIA to be aligned with the international norms and standards such as GDPR.

To view the access options for this content please click here
Article
Publication date: 28 August 2019

Adéle Da Veiga, Ruthea Vorster, Fudong Li, Nathan Clarke and Steven M. Furnell

The purpose of this study was to investigate the difference between South Africa (SA) and the United Kingdom (UK) in terms of data protection compliance with the aim to…

Abstract

Purpose

The purpose of this study was to investigate the difference between South Africa (SA) and the United Kingdom (UK) in terms of data protection compliance with the aim to establish if a country that has had data protection in place for a longer period of time has a higher level of compliance with data protection requirements in comparison with a country that is preparing for compliance.

Design/methodology/approach

An insurance industry multi-case study within the online insurance services environment was conducted. Personal information of four newly created consumer profiles was deposited to 10 random insurance organisation websites in each country to evaluate a number of data privacy requirements of the Data Protection Act and Protection of Personal Information Act.

Findings

The results demonstrate that not all the insurance organisations honored the selected opt-out preference for receiving direct marketing material. This was evident in direct marketing material that was sent from the insurance organisations in the sample to both the SA and UK consumer profiles who opted out for it. A total of 42 unsolicited third-party contacts were received by the SA consumer profiles, whereas the UK consumer profiles did not receive any third-party direct marketing. It was also found that the minimality principle is not always met by both SA and UK organisations.

Research limitations/implications

As a jurisdiction with a heavy stance towards privacy implementation and regulation, it was found that the UK is more compliant than SA in terms of implementation of the evaluated data protection requirements included in the scope of this study, however not fully compliant.

Originality/value

Based upon the results obtained from this research, it suggests that the SA insurance organisations should ensure that the non-compliance aspects relating to direct marketing and sharing data with third parties are addressed. SA insurance companies should learn from the manner in which the UK insurance organisations implement these privacy requirements. Furthermore, the UK insurance organisations should focus on improved compliance for direct marking and the minimality principle. The study indicates the positive role that data protection legislation plays in a county like the UK, with a more mature stance toward compliance with data protection legislation.

To view the access options for this content please click here
Article
Publication date: 9 July 2018

Adéle Da Veiga

This paper aims to propose an information privacy culture index framework (IPCIF) with a validated information privacy culture index instrument (IPCII) to measure…

Abstract

Purpose

This paper aims to propose an information privacy culture index framework (IPCIF) with a validated information privacy culture index instrument (IPCII) to measure information privacy culture across nations. The framework is based on consumers’ privacy expectations, their actual experiences when organisations process their personal information and their general privacy concerns.

Design/methodology/approach

A survey method was deployed to collect data in South Africa – the first participating country in the study – to start building a global information privacy culture index (IPCI) and to validate the questionnaire.

Findings

The IPCI revealed that there seems to be a disconnect between what consumers expect in terms of privacy and the way in which organisations are honouring (or failing to honour) those expectations, which results in a breach of trust and the social contract being violated.

Practical implications

Governments, information regulators and organisations can leverage the results of the privacy culture index to implement corrective actions and controls aimed at addressing the gaps identified from a consumer and compliance perspective. The validated IPCII can be used by both academia and industry to measure the information privacy culture of an institution, organisation or country to identify what to improve to address consumer privacy expectations and concerns.

Originality/value

The IPCIF and validated IPCII are the first tools that combine the concepts of consumer expectations and their confidence levels in whether organisations are meeting their privacy expectations, which are in line with the fair information practice principles and the privacy guidelines of the Organisation for Economic Cooperation and Development, to determine gaps and define improvement plans.

To view the access options for this content please click here
Article
Publication date: 18 May 2021

Paulus Swartz, Adele Da Veiga and Nico Martins

This study aims to conduct a survey in a bank to measure the perception of employees towards the effective governance of information privacy and at the same time…

Abstract

Purpose

This study aims to conduct a survey in a bank to measure the perception of employees towards the effective governance of information privacy and at the same time validating the information privacy governance questionnaire (IPGQ) used in this study.

Design/methodology/approach

A quantitative research approach was followed using an online survey questionnaire to collect data in a bank in South Africa.

Findings

The survey results showed that employees perceived the governance of privacy in the organisation in a positive way. Three significant differences were identified, namely, Generation-Y being significantly more positive than Generation-X regarding privacy control assessment. Also, that the contractor/vendor group was significantly more positive than permanent employees regarding organisational commitment and privacy control assessment. Exploratory factor analysis was used to validate the IPGQ and four factors were identified: privacy control assessment, personal information awareness assessment, privacy governance reporting and organisational commitment towards privacy. Cronbach’s alpha was used to establish the internal reliability of the factors and indicated good internal consistency.

Research limitations/implications

One of the potential empirical research limitations for this study is that the study was conducted in a single organisation; therefore, when generalising the results, caution must be taken.

Practical implications

Organisations, academics and the industry may find the questionnaire useful to determine employee perception towards privacy governance and to identify recommendations that could be used to improve their privacy policies, privacy programme controls and organisational commitment towards privacy. In this study, it was identified that for Generation-X employees to be more accepting towards the privacy controls, the organisation needs to implement focussed awareness training for them. To ensure permanent employees’ commitment and accountability, internal audits, monitoring and risk assessment measures need to be implemented. These can be directed through the outcomes of the survey.

Originality/value

The IPGQ can aid organisations in determining if they are governing privacy effectively, and thus assist them in meeting the accountability condition of data protection regulation.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article
Publication date: 18 August 2020

Nkholedzeni Sidney Netshakhuma

The purpose of this study was to investigate the state of appraisal with regard to compliance with archives and records management legislations (ARML), the archives and…

Abstract

Purpose

The purpose of this study was to investigate the state of appraisal with regard to compliance with archives and records management legislations (ARML), the archives and records management policy (ARMP), reappraisal of records, capacity building, archives building and electronic records management (ERM) and to make a recommendation based on the research findings.

Design/methodology/approach

This study was based on the qualitative research technique. The research approach was a multiple case study comparing the previously advantaged and disadvantaged universities in South Africa.

Findings

The study found that ARML, ARMP, reappraisal of records and capacity building are essential for the appraisal of university records. The lack of appropriate appraisal theory/strategy led to a loss of institutional memory.

Research limitations/implications

This research was limited to the University of the Witwatersrand (WITS) and the University of Venda (UNIVEN). These two institutions are representatives of the state of archiving in South Africa.

Practical implications

This research will serve a benchmark for other South African universities, intending to implement systematic disposal of records in compliance with legislations and policies.

Social implications

Failure by universities to appraise records will lead to the loss of institutional memory. This implies that history of institution will be lost if necessary measures are not taken.

Originality/value

There is very little, if any, research on the appraisal of South African universities’ records. The outcome of this research will benefit universities that are seeking to develop and implement appraisal strategies.

Details

Aslib Journal of Information Management, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2050-3806

Keywords

To view the access options for this content please click here
Article
Publication date: 3 June 2020

Nkholedzeni Sidney Netshakhuma

The purpose of this study is to assess the appraisal of records at the University of Witwatersrand and the University of Venda. Furthermore, the study intends to recommend…

Abstract

Purpose

The purpose of this study is to assess the appraisal of records at the University of Witwatersrand and the University of Venda. Furthermore, the study intends to recommend appraisal of records to recognize African culture, reviewing records management policy to include an element on the appraisal of records, raise awareness on the appraisal of records, capacity building and develop electronic records management strategy to appraise records.

Design/methodology/approach

This study is based on the qualitative research technique. The research approach is a multiple case study comparing the previously advantaged and disadvantaged universities in South Africa.

Findings

The study found that archives and records management legislation, archives and records management policy, re-appraisal of records, capacity building are essential for the appraisal of university records. Lack of appropriate appraisal theory and strategy by the University of Witwatersrand and the University of Venda leads to a loss of institutional memory.

Research limitations/implications

This research is limited to the University of Witwatersrand and the University of Venda. These two institutions are a sample of the state of archiving in South Africa.

Originality/value

There is very little, if any, research on the appraisal of South African universities' records. The outcome of this research will benefit universities that are seeking to develop and implement appraisal strategies.

Details

Aslib Journal of Information Management, vol. 72 no. 4
Type: Research Article
ISSN: 2050-3806

Keywords

Content available
Article
Publication date: 20 January 2020

Jo Smedley

Abstract

Details

Global Knowledge, Memory and Communication, vol. 69 no. 1/2
Type: Research Article
ISSN: 2514-9342

To view the access options for this content please click here
Article
Publication date: 17 June 2021

Amos Shibambu and Ngoako Solomon Marutha

The purpose of this paper is to investigate a framework for management of digital records on the cloud in South Africa.

Abstract

Purpose

The purpose of this paper is to investigate a framework for management of digital records on the cloud in South Africa.

Design/methodology/approach

This qualitative case study used semi-structured interviews and document analysis to collect data from regulatory documents, records practitioners and chief information officers in the national government departments in South Africa.

Findings

This study reveals that despite the advent of cloud computing, government is still struggling with manual paper-based records challenges, as they have not developed a government-owned cloud in which to manage and dispose records.

Practical implications

Technological advancements have brought about dramatic changes to the management and disposition of records since cloud computing emerged. The traction gained by cloud computing influences how records are managed and disposed in the cloud storage. Currently, the South African Government manages and disposes records in the government premises as stipulated by the National Archives and Records Service of South Africa Act (1996). This is enforced by the National Archives and Records Service of South Africa, which is the government records regulator because records are on paper-based, microfilms and audio-visual formats. It is hoped that the recommendations and framework proposed in this study may assist the government and related sectors in the adoption and implementation of the cloud computing system for records management and disposal. This may assist in resolving challenges such as missing files, damaged records and archives and long turnaround time for retrieval of records.

Social implications

In South Africa, the digital records are securely stored in storage mediums such as hard drives and USBs, to mention but a few. In addition to digital obsolescence faced by the storage mediums, global access to information is hindered because information is limited to those who can visit the archival holdings. The alternative option is to manage and dispose of records in the cloud. The framework and recommendations in this study may also assist in improving information, archives and records management policies and service delivery to the community at large. The framework proposed may be applied as a theory for framing future studies in the same area of cloud computing and used as a resource to guide other future studies and policymakers.

Originality/value

This study provides a framework for management of digital records on the cloud in South Africa. It also proposes the promulgation of the Cloud Act to promote unlimited access to state heritage, regardless of time and location. This study is framed on the Digital Curation Centre Life Cycle Model.

Details

Information Discovery and Delivery, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2398-6247

Keywords

To view the access options for this content please click here
Article
Publication date: 2 December 2020

Ngoako Solomon Marutha and Olefhile Mosweu

This study sought to investigate a framework for ensuring the confidentiality and security of information at the public health-care facilities to curb HIV/AIDS trauma…

Abstract

Purpose

This study sought to investigate a framework for ensuring the confidentiality and security of information at the public health-care facilities to curb HIV/AIDS trauma among patients in Africa. In most instances, trauma to HIV/AIDS patients accelerate because of their personal information relating to the state of illness leaks to public people.

Design/methodology/approach

This qualitative study used literature to study confidentiality and security of information at the public health-care facilities to curb HIV/AIDS trauma among patients in Africa.

Findings

The study revealed that confidentiality and security of information has been neglected, in most instances, at the health-care facilities, and this has, to some extent, affected HIV/AIDS patients negatively, leading to trauma, stigma and skipping of treatment by patients resulting in accelerated mortality among chronic patients. The study recommends that patients’ information be always strictly controlled and kept confidential and secured at all the times, especially that of HIV/AIDS patients.

Practical implications

The proposed framework can be used by health-care facilities to guide the management and promotion of the confidentiality and security of information in the public health-care facilities to curb additional trauma to HIV/AIDS patients in the context of Africa, and even beyond.

Originality/value

The study provides a framework to ensure the confidentiality and security of information at the public health-care facilities to curb additional trauma to HIV/AIDS patients.

Details

Global Knowledge, Memory and Communication, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2514-9342

Keywords

To view the access options for this content please click here
Article
Publication date: 14 August 2020

Nkholedzeni Sidney Netshakhuma

This paper aims to assess the Section 12 of the Political Party Funding Act No. 6 of 2018 of South Africa with a view of recommending good records management practice.

Abstract

Purpose

This paper aims to assess the Section 12 of the Political Party Funding Act No. 6 of 2018 of South Africa with a view of recommending good records management practice.

Design/methodology/approach

This paper is based on a literature review and an analysis of political funding access to information and records management literatures.

Findings

The study found that a lack of good records management practice is hindering transparency in government practice in South Africa. Furthermore, the enactment of the Political Party Funding Act No. 6 of 2018 has created the potential for South Africa political parties to start applying good records management practices.

Research limitations/implications

This research is limited to Section 12 of the political parties funding Act No 6 of 2018 to promote accountability transparency.

Practical implications

The effective implementation of the Political Party Funding Act, 2018 will contribute to the preservation of records with financial, historical and cultural values.

Social implications

The implementation of the Political Party Funding Act No. 6 of 2018 Section 12 is expected to lead an open, transparent and accountable South African society through the establishment of a a records management programme.

Originality/value

This paper raises important considerations around ensuring compliance and accountability in government recordkeeping within the context of recent legislation. While discussion around the importance and use of records management is not new, the legislation brings an opportunity for fresh discussion within a national political context.

Details

Global Knowledge, Memory and Communication, vol. 70 no. 4/5
Type: Research Article
ISSN: 2514-9342

Keywords

1 – 10 of 14