Risks, precautions and compliance for cloud users
The recent dissemination of the details of 68 million Dropbox user accounts has highlighted the inherent risks in the use of cloud servers. A cloud is an online network of servers hosted on the Internet to store, manage, and process data, rather than using a local server or a personal computer. First-time cloud users are more at risk simply because of their unfamiliarity with using new technology in a new environment. However, both new and old businesses need to consider numerous factors before uploading their own information, as well as that of their clients and suppliers, onto a cloud, especially if it is personal, in which case the Protection of Personal Information Act (POPI) is applicable.
POPI regulates the collection and dissemination of personal information through a cloud and defines personal information as any information relating to an identifiable, living, natural person and, where applicable, an identifiable, existing juristic person. In terms of POPI, a company is precluded from collecting and disseminating a data subject’s personal information without the express informed consent of the data subject to do so. The term "informed" means that the company needs to advise the data subject not only that it is collecting the data subject’s personal information, but also what it intends to use it for and where this information will be stored.
In addition to informed consent, one of the eight conditions of POPI compliance is security safeguards, which means that a business has an obligation to secure the integrity and confidentiality of personal information by taking appropriate and reasonable measures to prevent the loss or destruction of, or unlawful access to, that personal information. Businesses must therefore determine all possible risks and ensure that they take precautionary measures to mitigate these risks. Furthermore, the business needs to stay up to date with all security upgrades and the latest security features to ensure protection of its own, its clients’ and its suppliers’ personal information.
Finally, section 72 of POPI is vital to businesses outsourcing their IT solutions or using cloud servers in a foreign country, because POPI precludes a business from transferring personal information to a third party in a foreign country unless that foreign country’s laws afford substantially similar protection of personal information as is afforded in South Africa. Furthermore, the transfer must be necessary for the conclusion or performance in terms of a contract and be to the benefit of the consumer in certain instances where consent could not be obtained.
Cybercrime is a reality in the world we operate in today. Many businesses must ensure that they are aware of all the risks and take the necessary precautions to ensure that all personal information of their business, their clients and their suppliers that they host and store online is secure before embarking on this journey.