PPI: South African Protection of Personal Information IT Compliance Requirements

How to bring your network and data into compliance with the South African Protection of Personal Information Act

Background

The South African Protection of Personal Information Act regulates information policy for South African businesses and organizations or international businesses operating in South Africa. PPI defines how information may be retained and processed, and applies to all holders of qualifying information without regard to industry (Ch. 2.3.c). PPI addresses a number of distinct data management issues within the scope of what it defines as personal information. The Act also establishes an information regulator to oversee information management policies and enforcement in South Africa.

Feature-Requirement Map

Requirement: Chapter 3 Section 18 (pg. 14)

Description: A responsible party must secure the integrity of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures to prevent—(a) loss of, damage to or unauthorised destruction of personal information; and (b) unlawful access to or processing of personal information

Varonis Product/Feature:

Governance. The Varonis IDU Classification Framework and Varonis DatAdvantage help identify files containing personal information, determine who has access to it, who is using it, and who should be responsible (data owners). Varonis DataPrivilege helps organizations not only define the policies that govern who can access, and who can grant access to, unstructured data, but it also enforces the workflow and the desired action to be taken (i.e. allow, deny, allow for a certain time period). This has a two-fold effect on the consistent and broad communication of the access policy: 1) it unites all of the parties responsible, including data owners, auditors, data users and IT, around the same set of information and 2) it allows organizations to continually monitor the access framework in order to make changes and optimize both for compliance and for continuous enforcement of warranted access.

Access. Varonis DatAdvantage recommends the revocation of permissions to data for those users who do not have a business need for the data – this ensures that user access to data is always warranted and driven by least privilege. DatAdvantage generates reports showing the history of permission revocations and the percentages by which overly permissive access was reduced. Varonis DataPrivilege provides a mechanism via a web-based application by which to monitor and administer (allow/deny) all access requests to unstructured data.

Data breaches and Monitoring. Varonis DatAlert provides real-time alerting based on file activity, Active Directory changes, permissions changes, and other events. Alert criteria and output are easily configurable so that the right people and systems can be notified about the right things, at the right times, in the right ways. DatAlert improves your ability to detect possible security breaches and misconfigurations.

Request a demo

Interested in finding out how Varonis can help with your compliance initiatives?

Request a demo

Or contact sales at 877-292-8767