Search results
1 – 10 of 17Nkholedzeni Sidney Netshakhuma
This paper aims to assess the Protection of Personal Information Act (No. 4 of 2013) (POPIA) in South African (SA) universities sector with the objective to formulate code of…
Abstract
Purpose
This paper aims to assess the Protection of Personal Information Act (No. 4 of 2013) (POPIA) in South African (SA) universities sector with the objective to formulate code of conduct to improve compliance.
Design/methodology/approach
The case study approach was used in this study. Data were collected using interviews with the SA universities’ representatives during the POPIA consultative workshop.
Findings
The results showed that most of the participants were not aware of the POPIA, lack of collaboration between the legal practitioners, records managers and archivist. Internal control systems with Information Communication Technology (ICT) need to be in in place to provide information integrity and the value of international integrity with regard to the international students and staff.
Research limitations/implications
This paper is based on the first phase of the national consultative workshop with 25 SA public universities held between January and November 2018. The findings of the study are transferable to other sectors like health and infrastructure.
Practical implications
The findings are expected to be instrumental to the formulation of universities’ code of conduct in line with POPIA.
Social implications
The POPIA, if not properly implemented, can contribute to the violation of information integrity of the international students with regard to research and cultural exchange programme. Furthermore, it can affect SA trade relations with the European countries as it is a requirement for non- European countries to comply with the European Union General Data Protection Regulations (GDPR).
Originality/value
This study is useful to ensure consultation of the POPIA. Is also essential for the POPIA to be aligned with the international norms and standards such as GDPR.
Details
Keywords
Adéle Da Veiga, Ruthea Vorster, Fudong Li, Nathan Clarke and Steven M. Furnell
The purpose of this study was to investigate the difference between South Africa (SA) and the United Kingdom (UK) in terms of data protection compliance with the aim to establish…
Abstract
Purpose
The purpose of this study was to investigate the difference between South Africa (SA) and the United Kingdom (UK) in terms of data protection compliance with the aim to establish if a country that has had data protection in place for a longer period of time has a higher level of compliance with data protection requirements in comparison with a country that is preparing for compliance.
Design/methodology/approach
An insurance industry multi-case study within the online insurance services environment was conducted. Personal information of four newly created consumer profiles was deposited to 10 random insurance organisation websites in each country to evaluate a number of data privacy requirements of the Data Protection Act and Protection of Personal Information Act.
Findings
The results demonstrate that not all the insurance organisations honored the selected opt-out preference for receiving direct marketing material. This was evident in direct marketing material that was sent from the insurance organisations in the sample to both the SA and UK consumer profiles who opted out for it. A total of 42 unsolicited third-party contacts were received by the SA consumer profiles, whereas the UK consumer profiles did not receive any third-party direct marketing. It was also found that the minimality principle is not always met by both SA and UK organisations.
Research limitations/implications
As a jurisdiction with a heavy stance towards privacy implementation and regulation, it was found that the UK is more compliant than SA in terms of implementation of the evaluated data protection requirements included in the scope of this study, however not fully compliant.
Originality/value
Based upon the results obtained from this research, it suggests that the SA insurance organisations should ensure that the non-compliance aspects relating to direct marketing and sharing data with third parties are addressed. SA insurance companies should learn from the manner in which the UK insurance organisations implement these privacy requirements. Furthermore, the UK insurance organisations should focus on improved compliance for direct marking and the minimality principle. The study indicates the positive role that data protection legislation plays in a county like the UK, with a more mature stance toward compliance with data protection legislation.
Details
Keywords
This paper aims to propose an information privacy culture index framework (IPCIF) with a validated information privacy culture index instrument (IPCII) to measure information…
Abstract
Purpose
This paper aims to propose an information privacy culture index framework (IPCIF) with a validated information privacy culture index instrument (IPCII) to measure information privacy culture across nations. The framework is based on consumers’ privacy expectations, their actual experiences when organisations process their personal information and their general privacy concerns.
Design/methodology/approach
A survey method was deployed to collect data in South Africa – the first participating country in the study – to start building a global information privacy culture index (IPCI) and to validate the questionnaire.
Findings
The IPCI revealed that there seems to be a disconnect between what consumers expect in terms of privacy and the way in which organisations are honouring (or failing to honour) those expectations, which results in a breach of trust and the social contract being violated.
Practical implications
Governments, information regulators and organisations can leverage the results of the privacy culture index to implement corrective actions and controls aimed at addressing the gaps identified from a consumer and compliance perspective. The validated IPCII can be used by both academia and industry to measure the information privacy culture of an institution, organisation or country to identify what to improve to address consumer privacy expectations and concerns.
Originality/value
The IPCIF and validated IPCII are the first tools that combine the concepts of consumer expectations and their confidence levels in whether organisations are meeting their privacy expectations, which are in line with the fair information practice principles and the privacy guidelines of the Organisation for Economic Cooperation and Development, to determine gaps and define improvement plans.
Details
Keywords
Paulus Swartz, Adele Da Veiga and Nico Martins
This study aims to conduct a survey in a bank to measure the perception of employees towards the effective governance of information privacy and at the same time validating the…
Abstract
Purpose
This study aims to conduct a survey in a bank to measure the perception of employees towards the effective governance of information privacy and at the same time validating the information privacy governance questionnaire (IPGQ) used in this study.
Design/methodology/approach
A quantitative research approach was followed using an online survey questionnaire to collect data in a bank in South Africa.
Findings
The survey results showed that employees perceived the governance of privacy in the organisation in a positive way. Three significant differences were identified, namely, Generation-Y being significantly more positive than Generation-X regarding privacy control assessment. Also, that the contractor/vendor group was significantly more positive than permanent employees regarding organisational commitment and privacy control assessment. Exploratory factor analysis was used to validate the IPGQ and four factors were identified: privacy control assessment, personal information awareness assessment, privacy governance reporting and organisational commitment towards privacy. Cronbach’s alpha was used to establish the internal reliability of the factors and indicated good internal consistency.
Research limitations/implications
One of the potential empirical research limitations for this study is that the study was conducted in a single organisation; therefore, when generalising the results, caution must be taken.
Practical implications
Organisations, academics and the industry may find the questionnaire useful to determine employee perception towards privacy governance and to identify recommendations that could be used to improve their privacy policies, privacy programme controls and organisational commitment towards privacy. In this study, it was identified that for Generation-X employees to be more accepting towards the privacy controls, the organisation needs to implement focussed awareness training for them. To ensure permanent employees’ commitment and accountability, internal audits, monitoring and risk assessment measures need to be implemented. These can be directed through the outcomes of the survey.
Originality/value
The IPGQ can aid organisations in determining if they are governing privacy effectively, and thus assist them in meeting the accountability condition of data protection regulation.
Details
Keywords
Nkholedzeni Sidney Netshakhuma
The purpose of this study is to assess the appraisal of records at the University of Witwatersrand and the University of Venda. Furthermore, the study intends to recommend…
Abstract
Purpose
The purpose of this study is to assess the appraisal of records at the University of Witwatersrand and the University of Venda. Furthermore, the study intends to recommend appraisal of records to recognize African culture, reviewing records management policy to include an element on the appraisal of records, raise awareness on the appraisal of records, capacity building and develop electronic records management strategy to appraise records.
Design/methodology/approach
This study is based on the qualitative research technique. The research approach is a multiple case study comparing the previously advantaged and disadvantaged universities in South Africa.
Findings
The study found that archives and records management legislation, archives and records management policy, re-appraisal of records, capacity building are essential for the appraisal of university records. Lack of appropriate appraisal theory and strategy by the University of Witwatersrand and the University of Venda leads to a loss of institutional memory.
Research limitations/implications
This research is limited to the University of Witwatersrand and the University of Venda. These two institutions are a sample of the state of archiving in South Africa.
Originality/value
There is very little, if any, research on the appraisal of South African universities' records. The outcome of this research will benefit universities that are seeking to develop and implement appraisal strategies.
Details
Keywords
Jacqui-Lyn McIntyre, Duane Aslett and Nico Buitendag
President Cyril Ramaphosa, in his 2018 State of the Nation Address, stated that “Thieves who are stealing public funds should be arrested and prosecuted”, and called for lifestyle…
Abstract
Purpose
President Cyril Ramaphosa, in his 2018 State of the Nation Address, stated that “Thieves who are stealing public funds should be arrested and prosecuted”, and called for lifestyle audits of public-sector employees. The gross misuse of COVID-19 relief funds by public officials indicated the urgent need to execute these audits as an anti-corruption measure. This paper aims to provide a review of the existing state of affairs with regard to the application of lifestyle audits in South Africa.
Design/methodology/approach
This paper critically analyses the literature available on the current position of South Africa concerning lifestyle audits in the public sector, based on the mandates of some of the anti-corruption agencies that could be responsible for the conducting and processing of such audits.
Findings
South Africa has only recently seen a framework for applying lifestyle audits, developed by the Department of Public Service and Administration. Although these first steps in developing a standard practice are laudable, the practical process of dealing with misconduct and/or criminal matters remains to be seen. It is recommended that South Africa consider a legislative approach to dealing with unlawfully obtained wealth by either criminalising the act of illicit enrichment (per the United Nations Convention Against Corruption) or creating an Unexplained Wealth Order, as seen, for example, in the UK.
Originality/value
South Africa is in dire need of addressing corruption in the public sector. Despite lifestyle audits being called for, the lack of proper implementation is negating any positive outcomes. Therefore, alternative solutions should be investigated.
Details
Keywords
Grace Fox, Theo Lynn and Pierangelo Rosati
The General Data Protection Regulation (GDPR) introduces significant data protection obligations on all organizations within the European Union (EU) and those transacting with EU…
Abstract
Purpose
The General Data Protection Regulation (GDPR) introduces significant data protection obligations on all organizations within the European Union (EU) and those transacting with EU citizens. This paper presents the GDPR privacy label and uses two empirical studies to examine the effectiveness of this approach in influencing consumers' privacy perceptions and related behavioral intentions.
Design/methodology/approach
The paper tests the efficacy of two GDPR privacy label designs, a consent-based label and a static label. Study 1 examines the effects of each label on perceptions of risk, control and privacy. Study 2 investigates the influence of consumers' privacy perceptions on perceived trustworthiness and willingness to interact with the organization.
Findings
The findings support the potential of GDPR privacy labels for positively influencing perceptions of risk, control, privacy and trustworthiness and enhancing consumers' willingness to transact and disclose data to online organizations.
Practical implications
The findings are useful for organizations required to comply with the GDPR and present a solution to requirements for transparent communications and explicit consent.
Originality/value
This study examines and demonstrates the efficacy of visualized privacy policies in impacting consumer privacy perceptions and behavioral intentions.
Details
Keywords
Anusha Bhana and Jacques Ophoff
Organisations use a variety of technical, formal and informal security controls but also rely on employees to safeguard information assets. This relies heavily on compliance and…
Abstract
Purpose
Organisations use a variety of technical, formal and informal security controls but also rely on employees to safeguard information assets. This relies heavily on compliance and constantly challenges employees to manage security-related risks. The purpose of this research is to explore the homeostatic mechanism proposed by risk homeostasis theory (RHT), as well as security fatigue, in an organisational context.
Design/methodology/approach
A case study approach was used to investigate the topic, focusing on data specialists who regularly work with sensitive information assets. Primary data was collected through semi-structured interviews with 12 data specialists in a large financial services company.
Findings
A thematic analysis of the data revealed risk perceptions, behavioural adjustments and indicators of security fatigue. The findings provide examples of how these concepts manifest in practice and confirm the relevance of RHT in the security domain.
Originality/value
This research illuminates homeostatic mechanisms in an organisational security context. It also illustrates links with security fatigue and how this could further impact risk. Examples and indicators of security fatigue can assist organisations with risk management, creating “employee-friendly” policies and procedures, choosing appropriate technical security solutions and tailoring security education, training and awareness activities.
Details
Keywords
Amos Shibambu and Ngoako Solomon Marutha
The purpose of this paper is to investigate a framework for management of digital records on the cloud in South Africa.
Abstract
Purpose
The purpose of this paper is to investigate a framework for management of digital records on the cloud in South Africa.
Design/methodology/approach
This qualitative case study used semi-structured interviews and document analysis to collect data from regulatory documents, records practitioners and chief information officers in the national government departments in South Africa.
Findings
This study reveals that despite the advent of cloud computing, government is still struggling with manual paper-based records challenges, as they have not developed a government-owned cloud in which to manage and dispose records.
Practical implications
Technological advancements have brought about dramatic changes to the management and disposition of records since cloud computing emerged. The traction gained by cloud computing influences how records are managed and disposed in the cloud storage. Currently, the South African Government manages and disposes records in the government premises as stipulated by the National Archives and Records Service of South Africa Act (1996). This is enforced by the National Archives and Records Service of South Africa, which is the government records regulator because records are on paper-based, microfilms and audio-visual formats. It is hoped that the recommendations and framework proposed in this study may assist the government and related sectors in the adoption and implementation of the cloud computing system for records management and disposal. This may assist in resolving challenges such as missing files, damaged records and archives and long turnaround time for retrieval of records.
Social implications
In South Africa, the digital records are securely stored in storage mediums such as hard drives and USBs, to mention but a few. In addition to digital obsolescence faced by the storage mediums, global access to information is hindered because information is limited to those who can visit the archival holdings. The alternative option is to manage and dispose of records in the cloud. The framework and recommendations in this study may also assist in improving information, archives and records management policies and service delivery to the community at large. The framework proposed may be applied as a theory for framing future studies in the same area of cloud computing and used as a resource to guide other future studies and policymakers.
Originality/value
This study provides a framework for management of digital records on the cloud in South Africa. It also proposes the promulgation of the Cloud Act to promote unlimited access to state heritage, regardless of time and location. This study is framed on the Digital Curation Centre Life Cycle Model.
Details