A Framework of Security Safeguards for Confidentiality and Integrity of Electronic Personal Information

Cited by: 0
Authors
Dala, Prittish [1]
Venter, Hein [1]
Affiliations
[1] Univ Pretoria, Dept Comp Sci, ZA-0002 Pretoria, South Africa
Source
PROCEEDINGS OF THE 10TH INTERNATIONAL CONFERENCE ON CYBER WARFARE AND SECURITY (ICCWS-2015) | 2015
Keywords
protection of personal information; POPI Act; electronic personal information; security safeguards; confidentiality and integrity
DOI
Not available
Chinese Library Classification number
TP301 [Theory, Methods]
Discipline classification code
081202
Abstract
Privacy entails controlling the use of and access to place, location and personal information. In South Africa, the first privacy legislation in the form of the Protection of Personal Information (POPI) Act was signed into law on 26 November 2013. The POPI Act promotes the protection of personal information by public and private institutions and specifies the minimum requirements in twelve chapters, which include eight conditions for lawful processing of personal information. Condition Seven of the POPI Act makes specific provision for security safeguards to ensure confidentiality and integrity of personal information. However, one of the limitations of Condition Seven is that it is a requirement which is not supported by guidance relating to security safeguards to be considered to ensure confidentiality and integrity of electronic personal information. Hence, this paper aims to propose a framework based on a selection of security safeguards from several leading practices to be considered to prevent unauthorised disclosure and modification of electronic personal information stored, processed or transmitted. The authors believe that the proposed framework will facilitate the achievement and maintenance of compliance with Condition Seven of the POPI Act, with a specific focus on electronic personal information.
Pages: 415-424
Number of pages: 10