Full Text Available
Note: Clicking the button above will open the full text document at the original institutional repository in a new window.
A model to assess organisational information privacy maturity against the Protection of Personal Information Act
Includes bibliographical references.
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
Department of Information Systems
2015
|
| Subjects: | |
| Tags: |
No Tags, Be the first to tag this record!
|
| _version_ | 1867613157800804352 |
|---|---|
| access_status_str | Open Access |
| author | Hinde , Charles Christopher |
| author_browse | Hinde , Charles Christopher |
| author_facet | Hinde , Charles Christopher |
| author_sort | Hinde , Charles Christopher |
| collection | Thesis |
| description | Includes bibliographical references. |
| format | Thesis |
| id | oai:open.uct.ac.za:11427/13179 |
| institution | University of Cape Town (South Africa) |
| language | eng |
| last_indexed | 2026-06-10T12:31:41.113Z |
| license_str | Not specified — see source repository |
| provenance_str_mv | Harvested via OAI-PMH from UCTD — University of Cape Town Open Access Repository |
| publishDate | 2015 |
| publishDateRange | 2015 |
| publishDateSort | 2015 |
| publisher | Department of Information Systems |
| publisherStr | Department of Information Systems |
| record_format | dspace |
| source_str | UCTD — University of Cape Town Open Access Repository |
| spelling | oai:open.uct.ac.za:11427/13179 A model to assess organisational information privacy maturity against the Protection of Personal Information Act Hinde , Charles Christopher Information Systems Includes bibliographical references. Reports on information security breaches have risen dramatically over the past five years with 2014 accounting for some high-profile breaches including Goldman Sachs, Boeing, AT&T, EBay, AOL, American Express and Apple to name a few. One report estimates that 868,045,823 records have been breached from 4,347 data breaches made public since 2005 (Privacy Rights Clearing House, 2013). The theft of laptops, loss of unencrypted USB drives, hackers infiltrating servers, and staff deliberately accessing client’s personal information are all regularly reported (Park, 2014; Privacy Rights Clearing House, 2013) . With the rise of data breaches in the Information Age, the South African government enacted the long awaited Protection of Personal Information (PoPI) Bill at the end of 2013. While South Africa has lagged behind other countries in adopting privacy legislation (the European Union issued their Data Protection Directive in 1995), South African legislators have had the opportunity to draft a privacy Act that draws on the most effective elements from other legislation around the world. Although PoPI has been enacted, a commencement date has still to be decided upon by the Presidency. On PoPI’s commencement date organisations will have an additional year to comply with its requirements, before which they should: review the eight conditions for the lawful processing of personal information set out in Chapter three of the Act; understand the type of personal information they process ; review staff training on mobile technologies and limit access to personal information; ensure laptops and other mobile devices have passwords and are preferably encrypted; look at the physical security of the premises where personal data is store d or processed; and, assess any service providers who process in formation on their behalf. With the demands PoPI places on organisations this research aims to develop a prescriptive model providing organisations with the ability to measure their information privacy maturity based on “generally accepted information security practices and procedure s” ( Protection of Personal Information Act, No.4 of 2013 , sec. 19(3)) . Using a design science research methodology, the development process provides three distinct design cycles: 1) conceptual foundation 2) legal evaluation and 3) organisational evaluation. The end result is the development of a privacy maturity model that allows organisations to measure their current information privacy maturity against the PoPI Act. This research contributes to the knowledge of how PoPI impacts on South African organisations, and in turn, how organisations are able to evaluate their current information privacy maturity in respect of the PoPI Act. The examination and use of global best practices and standards as the foundation for the model, and the integration with the PoPI Act, provides for the development of a unique yet standards-based privacy model aiming to provide practical benefit to South African organisations. 2015-06-30T07:59:45Z 2015-06-30T07:59:45Z 2014 Master Thesis Masters MCom http://hdl.handle.net/11427/13179 eng application/pdf Department of Information Systems Faculty of Commerce University of Cape Town |
| spellingShingle | Information Systems Hinde , Charles Christopher A model to assess organisational information privacy maturity against the Protection of Personal Information Act |
| thesis_degree_str | Master's |
| title | A model to assess organisational information privacy maturity against the Protection of Personal Information Act |
| title_full | A model to assess organisational information privacy maturity against the Protection of Personal Information Act |
| title_fullStr | A model to assess organisational information privacy maturity against the Protection of Personal Information Act |
| title_full_unstemmed | A model to assess organisational information privacy maturity against the Protection of Personal Information Act |
| title_short | A model to assess organisational information privacy maturity against the Protection of Personal Information Act |
| title_sort | model to assess organisational information privacy maturity against the protection of personal information act |
| topic | Information Systems |
| url | http://hdl.handle.net/11427/13179 |
| work_keys_str_mv | AT hindecharleschristopher amodeltoassessorganisationalinformationprivacymaturityagainsttheprotectionofpersonalinformationact AT hindecharleschristopher modeltoassessorganisationalinformationprivacymaturityagainsttheprotectionofpersonalinformationact |