POPIA and GDPR: Personal Data Protection

Questions and Answers

Who is responsible for making decisions about business term definitions, data quality, accessibility, and retention requirements?

Data owners

Who is responsible for the security and use of a particular set of information?

Data owners

What is the role of a data trustee?

To oversee the management of a particular set of information

Who typically has access to information and has an information security role?

Data users

Who are usually divided further into areas of expertise, such as data modeling, data architecture, and database administration?

Data custodians

Who is aware of the regulations, policies, and laws governing data privacy?

Data owners

What is a common characteristic of personal data under both POPIA and GDPR?

It identifies a specific person or makes a person recognizable

What is one of the main benefits of POPIA for individuals?

Individuals have the power to access, correct, or delete their information

What is the maximum monetary penalty for a POPIA violation?

ZAR10 million

What is the maximum imprisonment term for certain POPIA violations?

10 years

Who is responsible for making decisions about data processing?

Responsible parties

What must companies do in the event of a data breach?

Notify all affected individuals

What is the main goal of data encryption?

To hide messages by scrambling and changing them

What is the purpose of automating data rights fulfillment?

To manually fulfill individual data access and deletion requests

What is the difference between data privacy and data security?

Data privacy is about being sensitive to personal information, while data security is about protecting data from unauthorized access

What is a benefit of following data privacy rules for companies?

To have a shield against legal trouble and reputation damage

What is the purpose of access control in a computing environment?

To regulate who or what can view or use resources

What is the main purpose of data classification in an organization?

To divide information into predefined groups or categories

What is the main benefit of using multi-factor authentication (MFA)?

It makes it harder for hackers to access personal accounts

Why are security controls and associated restrictions necessary for data classification?

To protect sensitive and valuable business documentation

What is an insider threat?

An act of malicious activity undertaken by users who have legitimate access to a network or database

What is the result of not following data privacy rules for companies?

Increased legal trouble and reputation damage

What is the purpose of data loss prevention (DLP)?

To prevent sensitive data from leaving the network

What is a characteristic of data classification solutions?

They divide information into predefined groups or categories

What is the primary goal of data privacy?

To prevent the exploitation of stolen data

What is the average daily time spent on social media by 54% of the world population?

2 hours and 21 minutes

What is a consequence of not protecting personal data on social media?

Increased risk of personal data falling into the wrong hands

What is a common social media data privacy issue?

Account Takeovers and Identity Theft

What is a recommended practice to protect social media data?

Reading the Privacy Policies

What is data, according to the definition?

Facts and statistics collected together for reference or analysis

Study Notes

POPIA and GDPR

• Personal data includes information that identifies a specific person or makes a person recognizable.

POPIA Objectives

• Establishes a legal framework for dealing with personal information
• Gives individuals the power to access, correct, or delete their information held by companies
• Ensures companies notify affected individuals in the event of a data breach

POPIA Penalties

• Non-compliance can result in monetary fines up to ZAR10 million
• Violations may lead to imprisonment for up to 10 years
• Imprisonment of up to 12 months for breach of confidentiality and other offenses

Data Stakeholders

• Responsible parties make decisions about data processing
• Includes features such as network access, cryptography, and information systems
• Examples of protected data include health information, geolocation, and financial transactions

Data Privacy on Social Media

• 54% of the world population spends an average of 2 hours and 21 minutes on social media daily
• User data, such as likes, opinions, and photo uploads, are considered personal data
• Users often give social media companies control over their data through user agreements
• Risks include account takeovers, phishing, complex privacy settings, doxxing, and harassment

Protecting Social Media Data

• Read and understand privacy policies
• Create strong passwords and adjust privacy settings
• Be mindful of what you share and get consent from others
• Watch out for scams and be cautious of fake accounts

Data Privacy Technologies

• Cybersecurity involves implementing multiple layers of security and protection
• Encryption keeps data secret through scrambling and changing messages
• Access control regulates who can view or use resources in a computing environment
• Multi-factor authentication uses multiple methods of identity verification for secure accounts

Data Privacy vs Data Security

• Data privacy focuses on personal information and standards for collection, processing, and deletion
• Data security refers to protecting data from unauthorized access and corruption

Data Responsibilities and Terminology

• Data owners: senior management responsible for information security and use
• Data custodians: responsible for information and systems that process, transmit, and store data
• Data trustees: oversee data management and coordinate with data custodians
• Data users: have access to information and a role in information security

Data Classification

• Identifies types of data stored and processed, and their sensitivity
• Involves dividing information into predefined groups or categories with security controls and restrictions