Search results

This paper aims to assess the Protection of Personal Information Act (No. 4 of 2013) (POPIA) in South African (SA) universities sector with the objective to formulate code of conduct to improve compliance.

The case study approach was used in this study. Data were collected using interviews with the SA universities’ representatives during the POPIA consultative workshop.

The results showed that most of the participants were not aware of the POPIA, lack of collaboration between the legal practitioners, records managers and archivist. Internal control systems with Information Communication Technology (ICT) need to be in in place to provide information integrity and the value of international integrity with regard to the international students and staff.

This paper is based on the first phase of the national consultative workshop with 25 SA public universities held between January and November 2018. The findings of the study are transferable to other sectors like health and infrastructure.

The findings are expected to be instrumental to the formulation of universities’ code of conduct in line with POPIA.

The POPIA, if not properly implemented, can contribute to the violation of information integrity of the international students with regard to research and cultural exchange programme. Furthermore, it can affect SA trade relations with the European countries as it is a requirement for non- European countries to comply with the European Union General Data Protection Regulations (GDPR).

This study is useful to ensure consultation of the POPIA. Is also essential for the POPIA to be aligned with the international norms and standards such as GDPR.

The purpose of this study was to investigate the difference between South Africa (SA) and the United Kingdom (UK) in terms of data protection compliance with the aim to establish if a country that has had data protection in place for a longer period of time has a higher level of compliance with data protection requirements in comparison with a country that is preparing for compliance.

An insurance industry multi-case study within the online insurance services environment was conducted. Personal information of four newly created consumer profiles was deposited to 10 random insurance organisation websites in each country to evaluate a number of data privacy requirements of the Data Protection Act and Protection of Personal Information Act.

The results demonstrate that not all the insurance organisations honored the selected opt-out preference for receiving direct marketing material. This was evident in direct marketing material that was sent from the insurance organisations in the sample to both the SA and UK consumer profiles who opted out for it. A total of 42 unsolicited third-party contacts were received by the SA consumer profiles, whereas the UK consumer profiles did not receive any third-party direct marketing. It was also found that the minimality principle is not always met by both SA and UK organisations.

As a jurisdiction with a heavy stance towards privacy implementation and regulation, it was found that the UK is more compliant than SA in terms of implementation of the evaluated data protection requirements included in the scope of this study, however not fully compliant.

Based upon the results obtained from this research, it suggests that the SA insurance organisations should ensure that the non-compliance aspects relating to direct marketing and sharing data with third parties are addressed. SA insurance companies should learn from the manner in which the UK insurance organisations implement these privacy requirements. Furthermore, the UK insurance organisations should focus on improved compliance for direct marking and the minimality principle. The study indicates the positive role that data protection legislation plays in a county like the UK, with a more mature stance toward compliance with data protection legislation.

This paper aims to propose an information privacy culture index framework (IPCIF) with a validated information privacy culture index instrument (IPCII) to measure information privacy culture across nations. The framework is based on consumers’ privacy expectations, their actual experiences when organisations process their personal information and their general privacy concerns.

A survey method was deployed to collect data in South Africa – the first participating country in the study – to start building a global information privacy culture index (IPCI) and to validate the questionnaire.

The IPCI revealed that there seems to be a disconnect between what consumers expect in terms of privacy and the way in which organisations are honouring (or failing to honour) those expectations, which results in a breach of trust and the social contract being violated.

Governments, information regulators and organisations can leverage the results of the privacy culture index to implement corrective actions and controls aimed at addressing the gaps identified from a consumer and compliance perspective. The validated IPCII can be used by both academia and industry to measure the information privacy culture of an institution, organisation or country to identify what to improve to address consumer privacy expectations and concerns.

The IPCIF and validated IPCII are the first tools that combine the concepts of consumer expectations and their confidence levels in whether organisations are meeting their privacy expectations, which are in line with the fair information practice principles and the privacy guidelines of the Organisation for Economic Cooperation and Development, to determine gaps and define improvement plans.

This study aims to conduct a survey in a bank to measure the perception of employees towards the effective governance of information privacy and at the same time validating the information privacy governance questionnaire (IPGQ) used in this study.

A quantitative research approach was followed using an online survey questionnaire to collect data in a bank in South Africa.

The survey results showed that employees perceived the governance of privacy in the organisation in a positive way. Three significant differences were identified, namely, Generation-Y being significantly more positive than Generation-X regarding privacy control assessment. Also, that the contractor/vendor group was significantly more positive than permanent employees regarding organisational commitment and privacy control assessment. Exploratory factor analysis was used to validate the IPGQ and four factors were identified: privacy control assessment, personal information awareness assessment, privacy governance reporting and organisational commitment towards privacy. Cronbach’s alpha was used to establish the internal reliability of the factors and indicated good internal consistency.

One of the potential empirical research limitations for this study is that the study was conducted in a single organisation; therefore, when generalising the results, caution must be taken.

Organisations, academics and the industry may find the questionnaire useful to determine employee perception towards privacy governance and to identify recommendations that could be used to improve their privacy policies, privacy programme controls and organisational commitment towards privacy. In this study, it was identified that for Generation-X employees to be more accepting towards the privacy controls, the organisation needs to implement focussed awareness training for them. To ensure permanent employees’ commitment and accountability, internal audits, monitoring and risk assessment measures need to be implemented. These can be directed through the outcomes of the survey.

The IPGQ can aid organisations in determining if they are governing privacy effectively, and thus assist them in meeting the accountability condition of data protection regulation.

The purpose of this study was to investigate the state of appraisal with regard to compliance with archives and records management legislations (ARML), the archives and records management policy (ARMP), reappraisal of records, capacity building, archives building and electronic records management (ERM) and to make a recommendation based on the research findings.

This study was based on the qualitative research technique. The research approach was a multiple case study comparing the previously advantaged and disadvantaged universities in South Africa.

The study found that ARML, ARMP, reappraisal of records and capacity building are essential for the appraisal of university records. The lack of appropriate appraisal theory/strategy led to a loss of institutional memory.

This research was limited to the University of the Witwatersrand (WITS) and the University of Venda (UNIVEN). These two institutions are representatives of the state of archiving in South Africa.

This research will serve a benchmark for other South African universities, intending to implement systematic disposal of records in compliance with legislations and policies.

Failure by universities to appraise records will lead to the loss of institutional memory. This implies that history of institution will be lost if necessary measures are not taken.

There is very little, if any, research on the appraisal of South African universities’ records. The outcome of this research will benefit universities that are seeking to develop and implement appraisal strategies.

The purpose of this study was to investigate a framework for the implementation of freedom of information (FOI) legislation in South Africa, against Article 19’s nine principles of FOI legislation.

This qualitative study used semi-structured interviews to collect data from six experts selected by means of the snowball sampling technique and content analysis. The study used a modified Delphi design consisting of two rounds of interviews.

The results showed that little effort is made by government officials to demonstrate commitment to the implementation of FOI legislation.

The passing of FOI is expected to reduce corruption, increase public participation, reduce the level of secrecy and increase transparency and openness. This is not the case as the implementation of this socioeconomic right in South Africa is faced by numerous challenges, such as a lack of political will, secrecy laws providing for the opposite of what the FOI legislation seeks to achieve, poor legislative interpretation and a lack of clear policies. The study proposes a framework aimed at addressing these challenges.

The study provides a framework for the implementation of FOI legislation. The framework was developed under the guidance of Article 19 principles of freedom of information legislation.

The purpose of this study is to assess the appraisal of records at the University of Witwatersrand and the University of Venda. Furthermore, the study intends to recommend appraisal of records to recognize African culture, reviewing records management policy to include an element on the appraisal of records, raise awareness on the appraisal of records, capacity building and develop electronic records management strategy to appraise records.

This study is based on the qualitative research technique. The research approach is a multiple case study comparing the previously advantaged and disadvantaged universities in South Africa.

The study found that archives and records management legislation, archives and records management policy, re-appraisal of records, capacity building are essential for the appraisal of university records. Lack of appropriate appraisal theory and strategy by the University of Witwatersrand and the University of Venda leads to a loss of institutional memory.

This research is limited to the University of Witwatersrand and the University of Venda. These two institutions are a sample of the state of archiving in South Africa.

There is very little, if any, research on the appraisal of South African universities' records. The outcome of this research will benefit universities that are seeking to develop and implement appraisal strategies.

President Cyril Ramaphosa, in his 2018 State of the Nation Address, stated that “Thieves who are stealing public funds should be arrested and prosecuted”, and called for lifestyle audits of public-sector employees. The gross misuse of COVID-19 relief funds by public officials indicated the urgent need to execute these audits as an anti-corruption measure. This paper aims to provide a review of the existing state of affairs with regard to the application of lifestyle audits in South Africa.

This paper critically analyses the literature available on the current position of South Africa concerning lifestyle audits in the public sector, based on the mandates of some of the anti-corruption agencies that could be responsible for the conducting and processing of such audits.

South Africa has only recently seen a framework for applying lifestyle audits, developed by the Department of Public Service and Administration. Although these first steps in developing a standard practice are laudable, the practical process of dealing with misconduct and/or criminal matters remains to be seen. It is recommended that South Africa consider a legislative approach to dealing with unlawfully obtained wealth by either criminalising the act of illicit enrichment (per the United Nations Convention Against Corruption) or creating an Unexplained Wealth Order, as seen, for example, in the UK.

South Africa is in dire need of addressing corruption in the public sector. Despite lifestyle audits being called for, the lack of proper implementation is negating any positive outcomes. Therefore, alternative solutions should be investigated.

The General Data Protection Regulation (GDPR) introduces significant data protection obligations on all organizations within the European Union (EU) and those transacting with EU citizens. This paper presents the GDPR privacy label and uses two empirical studies to examine the effectiveness of this approach in influencing consumers' privacy perceptions and related behavioral intentions.

The paper tests the efficacy of two GDPR privacy label designs, a consent-based label and a static label. Study 1 examines the effects of each label on perceptions of risk, control and privacy. Study 2 investigates the influence of consumers' privacy perceptions on perceived trustworthiness and willingness to interact with the organization.

The findings support the potential of GDPR privacy labels for positively influencing perceptions of risk, control, privacy and trustworthiness and enhancing consumers' willingness to transact and disclose data to online organizations.

The findings are useful for organizations required to comply with the GDPR and present a solution to requirements for transparent communications and explicit consent.

This study examines and demonstrates the efficacy of visualized privacy policies in impacting consumer privacy perceptions and behavioral intentions.