Protecting personal information is crucial. Failing to do so can cause significant financial harm and emotional distress to the individuals concerned and can cause irreparable harm to the University’s reputation. The University is not only committed to safeguard personal information, but also to empower its students and staff to protect themselves.
When processing personal information, UP is striving to:
Recently, the University of Greenwich in the United Kingdom was fined £120,000 by their Information Regulator, the Information Commissioner’s Office, for failing to ensure that a microsite under its control was secure and that hackers could not access the underlying databases.
This breach illustrates that cybersecurity programs alone cannot protect institutions without robust information governance, of which access control is an important aspect. Good information governance provides an additional line of defence by ensuring that databases do not contain unnecessary or very sensitive information. This means that even if a database is compromised, the impact will be limited.
Both the Protection of Personal Information Act (POPIA) and the European Union’s General Data Protection Regulation (GDPR) make information governance a requirement for regulatory compliance. This is why compliance with regulatory requirements is one of the main drivers of the iGaPP programme.
The EU GDPR came into effect on 25 May 2018.
The POPIA makes provision for the development of industry specific Codes of Conduct, thus allowing industries to translate principles into standards. These standards are referred to as Industry Codes of Conduct. On a sector level, Universities South Africa (USAf) has adopted a POPIA Industry Code of Conduct for public universities.
The Code includes standards relating to
One of the primary aims of iGaPP is to transform the Code into policies, procedures, and guidelines and to put it into practice.
Copyright © University of Pretoria 2024. All rights reserved.
Get Social With Us
Download the UP Mobile App