Search results

This paper aims to assess the Protection of Personal Information Act (No. 4 of 2013) (POPIA) in South African (SA) universities sector with the objective to formulate code of conduct to improve compliance.

The case study approach was used in this study. Data were collected using interviews with the SA universities’ representatives during the POPIA consultative workshop.

The results showed that most of the participants were not aware of the POPIA, lack of collaboration between the legal practitioners, records managers and archivist. Internal control systems with Information Communication Technology (ICT) need to be in in place to provide information integrity and the value of international integrity with regard to the international students and staff.

This paper is based on the first phase of the national consultative workshop with 25 SA public universities held between January and November 2018. The findings of the study are transferable to other sectors like health and infrastructure.

The findings are expected to be instrumental to the formulation of universities’ code of conduct in line with POPIA.

The POPIA, if not properly implemented, can contribute to the violation of information integrity of the international students with regard to research and cultural exchange programme. Furthermore, it can affect SA trade relations with the European countries as it is a requirement for non- European countries to comply with the European Union General Data Protection Regulations (GDPR).

This study is useful to ensure consultation of the POPIA. Is also essential for the POPIA to be aligned with the international norms and standards such as GDPR.

The purpose of this study was to investigate the difference between South Africa (SA) and the United Kingdom (UK) in terms of data protection compliance with the aim to establish if a country that has had data protection in place for a longer period of time has a higher level of compliance with data protection requirements in comparison with a country that is preparing for compliance.

An insurance industry multi-case study within the online insurance services environment was conducted. Personal information of four newly created consumer profiles was deposited to 10 random insurance organisation websites in each country to evaluate a number of data privacy requirements of the Data Protection Act and Protection of Personal Information Act.

The results demonstrate that not all the insurance organisations honored the selected opt-out preference for receiving direct marketing material. This was evident in direct marketing material that was sent from the insurance organisations in the sample to both the SA and UK consumer profiles who opted out for it. A total of 42 unsolicited third-party contacts were received by the SA consumer profiles, whereas the UK consumer profiles did not receive any third-party direct marketing. It was also found that the minimality principle is not always met by both SA and UK organisations.

As a jurisdiction with a heavy stance towards privacy implementation and regulation, it was found that the UK is more compliant than SA in terms of implementation of the evaluated data protection requirements included in the scope of this study, however not fully compliant.

Based upon the results obtained from this research, it suggests that the SA insurance organisations should ensure that the non-compliance aspects relating to direct marketing and sharing data with third parties are addressed. SA insurance companies should learn from the manner in which the UK insurance organisations implement these privacy requirements. Furthermore, the UK insurance organisations should focus on improved compliance for direct marking and the minimality principle. The study indicates the positive role that data protection legislation plays in a county like the UK, with a more mature stance toward compliance with data protection legislation.

This paper aims to propose an information privacy culture index framework (IPCIF) with a validated information privacy culture index instrument (IPCII) to measure information privacy culture across nations. The framework is based on consumers’ privacy expectations, their actual experiences when organisations process their personal information and their general privacy concerns.

A survey method was deployed to collect data in South Africa – the first participating country in the study – to start building a global information privacy culture index (IPCI) and to validate the questionnaire.

The IPCI revealed that there seems to be a disconnect between what consumers expect in terms of privacy and the way in which organisations are honouring (or failing to honour) those expectations, which results in a breach of trust and the social contract being violated.

Governments, information regulators and organisations can leverage the results of the privacy culture index to implement corrective actions and controls aimed at addressing the gaps identified from a consumer and compliance perspective. The validated IPCII can be used by both academia and industry to measure the information privacy culture of an institution, organisation or country to identify what to improve to address consumer privacy expectations and concerns.

The IPCIF and validated IPCII are the first tools that combine the concepts of consumer expectations and their confidence levels in whether organisations are meeting their privacy expectations, which are in line with the fair information practice principles and the privacy guidelines of the Organisation for Economic Cooperation and Development, to determine gaps and define improvement plans.

This study aims to conduct a survey in a bank to measure the perception of employees towards the effective governance of information privacy and at the same time validating the information privacy governance questionnaire (IPGQ) used in this study.

A quantitative research approach was followed using an online survey questionnaire to collect data in a bank in South Africa.

The survey results showed that employees perceived the governance of privacy in the organisation in a positive way. Three significant differences were identified, namely, Generation-Y being significantly more positive than Generation-X regarding privacy control assessment. Also, that the contractor/vendor group was significantly more positive than permanent employees regarding organisational commitment and privacy control assessment. Exploratory factor analysis was used to validate the IPGQ and four factors were identified: privacy control assessment, personal information awareness assessment, privacy governance reporting and organisational commitment towards privacy. Cronbach’s alpha was used to establish the internal reliability of the factors and indicated good internal consistency.

One of the potential empirical research limitations for this study is that the study was conducted in a single organisation; therefore, when generalising the results, caution must be taken.

Organisations, academics and the industry may find the questionnaire useful to determine employee perception towards privacy governance and to identify recommendations that could be used to improve their privacy policies, privacy programme controls and organisational commitment towards privacy. In this study, it was identified that for Generation-X employees to be more accepting towards the privacy controls, the organisation needs to implement focussed awareness training for them. To ensure permanent employees’ commitment and accountability, internal audits, monitoring and risk assessment measures need to be implemented. These can be directed through the outcomes of the survey.

The IPGQ can aid organisations in determining if they are governing privacy effectively, and thus assist them in meeting the accountability condition of data protection regulation.

The purpose of this study is to assess the appraisal of records at the University of Witwatersrand and the University of Venda. Furthermore, the study intends to recommend appraisal of records to recognize African culture, reviewing records management policy to include an element on the appraisal of records, raise awareness on the appraisal of records, capacity building and develop electronic records management strategy to appraise records.

This study is based on the qualitative research technique. The research approach is a multiple case study comparing the previously advantaged and disadvantaged universities in South Africa.

The study found that archives and records management legislation, archives and records management policy, re-appraisal of records, capacity building are essential for the appraisal of university records. Lack of appropriate appraisal theory and strategy by the University of Witwatersrand and the University of Venda leads to a loss of institutional memory.

This research is limited to the University of Witwatersrand and the University of Venda. These two institutions are a sample of the state of archiving in South Africa.

There is very little, if any, research on the appraisal of South African universities' records. The outcome of this research will benefit universities that are seeking to develop and implement appraisal strategies.

President Cyril Ramaphosa, in his 2018 State of the Nation Address, stated that “Thieves who are stealing public funds should be arrested and prosecuted”, and called for lifestyle audits of public-sector employees. The gross misuse of COVID-19 relief funds by public officials indicated the urgent need to execute these audits as an anti-corruption measure. This paper aims to provide a review of the existing state of affairs with regard to the application of lifestyle audits in South Africa.

This paper critically analyses the literature available on the current position of South Africa concerning lifestyle audits in the public sector, based on the mandates of some of the anti-corruption agencies that could be responsible for the conducting and processing of such audits.

South Africa has only recently seen a framework for applying lifestyle audits, developed by the Department of Public Service and Administration. Although these first steps in developing a standard practice are laudable, the practical process of dealing with misconduct and/or criminal matters remains to be seen. It is recommended that South Africa consider a legislative approach to dealing with unlawfully obtained wealth by either criminalising the act of illicit enrichment (per the United Nations Convention Against Corruption) or creating an Unexplained Wealth Order, as seen, for example, in the UK.

South Africa is in dire need of addressing corruption in the public sector. Despite lifestyle audits being called for, the lack of proper implementation is negating any positive outcomes. Therefore, alternative solutions should be investigated.

The General Data Protection Regulation (GDPR) introduces significant data protection obligations on all organizations within the European Union (EU) and those transacting with EU citizens. This paper presents the GDPR privacy label and uses two empirical studies to examine the effectiveness of this approach in influencing consumers' privacy perceptions and related behavioral intentions.

The paper tests the efficacy of two GDPR privacy label designs, a consent-based label and a static label. Study 1 examines the effects of each label on perceptions of risk, control and privacy. Study 2 investigates the influence of consumers' privacy perceptions on perceived trustworthiness and willingness to interact with the organization.

The findings support the potential of GDPR privacy labels for positively influencing perceptions of risk, control, privacy and trustworthiness and enhancing consumers' willingness to transact and disclose data to online organizations.

The findings are useful for organizations required to comply with the GDPR and present a solution to requirements for transparent communications and explicit consent.

This study examines and demonstrates the efficacy of visualized privacy policies in impacting consumer privacy perceptions and behavioral intentions.

Organisations use a variety of technical, formal and informal security controls but also rely on employees to safeguard information assets. This relies heavily on compliance and constantly challenges employees to manage security-related risks. The purpose of this research is to explore the homeostatic mechanism proposed by risk homeostasis theory (RHT), as well as security fatigue, in an organisational context.

A case study approach was used to investigate the topic, focusing on data specialists who regularly work with sensitive information assets. Primary data was collected through semi-structured interviews with 12 data specialists in a large financial services company.

A thematic analysis of the data revealed risk perceptions, behavioural adjustments and indicators of security fatigue. The findings provide examples of how these concepts manifest in practice and confirm the relevance of RHT in the security domain.

This research illuminates homeostatic mechanisms in an organisational security context. It also illustrates links with security fatigue and how this could further impact risk. Examples and indicators of security fatigue can assist organisations with risk management, creating “employee-friendly” policies and procedures, choosing appropriate technical security solutions and tailoring security education, training and awareness activities.

The purpose of this paper is to investigate a framework for management of digital records on the cloud in South Africa.

This qualitative case study used semi-structured interviews and document analysis to collect data from regulatory documents, records practitioners and chief information officers in the national government departments in South Africa.

This study reveals that despite the advent of cloud computing, government is still struggling with manual paper-based records challenges, as they have not developed a government-owned cloud in which to manage and dispose records.

Technological advancements have brought about dramatic changes to the management and disposition of records since cloud computing emerged. The traction gained by cloud computing influences how records are managed and disposed in the cloud storage. Currently, the South African Government manages and disposes records in the government premises as stipulated by the National Archives and Records Service of South Africa Act (1996). This is enforced by the National Archives and Records Service of South Africa, which is the government records regulator because records are on paper-based, microfilms and audio-visual formats. It is hoped that the recommendations and framework proposed in this study may assist the government and related sectors in the adoption and implementation of the cloud computing system for records management and disposal. This may assist in resolving challenges such as missing files, damaged records and archives and long turnaround time for retrieval of records.

In South Africa, the digital records are securely stored in storage mediums such as hard drives and USBs, to mention but a few. In addition to digital obsolescence faced by the storage mediums, global access to information is hindered because information is limited to those who can visit the archival holdings. The alternative option is to manage and dispose of records in the cloud. The framework and recommendations in this study may also assist in improving information, archives and records management policies and service delivery to the community at large. The framework proposed may be applied as a theory for framing future studies in the same area of cloud computing and used as a resource to guide other future studies and policymakers.

This study provides a framework for management of digital records on the cloud in South Africa. It also proposes the promulgation of the Cloud Act to promote unlimited access to state heritage, regardless of time and location. This study is framed on the Digital Curation Centre Life Cycle Model.