Cloud Backup and POPI Compliance
Today we are taking some time to highlight the South African privacy law, commonly referred to as POPI (Protection of Personal Information Act).
If you have not heard of this, you should take time to review the official bill, as it contains a number of laws surrounding what you are permitted to, or must do with personal information, including electronic transmission of related data.
This KPMG page summarises it nicely. Principle 7 (Security Safeguards) specifies “The underlying theme of Principle 7 is that all personal information should be kept secure against the risk of loss, unauthorised access, interference, modification, destruction or disclosure.”
On Deloitte’s page they talk about backing up data counting as sending information out of the country: “Most companies have no idea where their information is stored. They know that they outsource to a company but where that company sends information, they have no idea. They may not be intentionally sending information across borders, but may be unintentionally allowing information to cross borders.”