Google Drive‚ Dropbox‚ Mega‚ Tresorit? Choose your cloud service wisely to avoid finding yourself on the wrong side of the law.
This according to John Cato‚ expert on the Protection of Personal Information (POPI) Act‚ speaking at a cyber crime seminar in Johannesburg on Friday.
The Act‚ signed into law in 2013‚ says a company or person may not transfer personal information about a third party to another country‚ if that country does not have laws offering the same levels of protection of personal information as the POPI Act.
This means that transferring information to an offshore cloud service which is not subject to laws as strict as South Africa’s could place you in violation of the law.
According to Cato‚ most cloud services operating in European Union countries are a safe bet under their laws‚ but US-based services are more risky.
Cato said that as a cloud user‚ you would have to decide for yourself whether your service is on the safe side‚ but that there are checks you could run to avoid placing yourself at risk.
Cloud services should be safe to use if they are:
-Compliant with the ISO 27018 standard for protection of personal information. This is not a law‚ but rather a best-practice guide cloud service providers may choose to ascribe to
-Operating in a country that ascribes to European Union guidelines for the protection of personal information
If you are still unsure consult global law firm DLA Piper’s “Protection Laws of the World” guide.
Cato warned businesses‚ saying that in failing to comply with the POPI Act they may suffer costly reputational damage.
Transferring information to an offshore cloud service can be risky
Google Drive‚ Dropbox‚ Mega‚ Tresorit? Choose your cloud service wisely to avoid finding yourself on the wrong side of the law.
This according to John Cato‚ expert on the Protection of Personal Information (POPI) Act‚ speaking at a cyber crime seminar in Johannesburg on Friday.
The Act‚ signed into law in 2013‚ says a company or person may not transfer personal information about a third party to another country‚ if that country does not have laws offering the same levels of protection of personal information as the POPI Act.
This means that transferring information to an offshore cloud service which is not subject to laws as strict as South Africa’s could place you in violation of the law.
According to Cato‚ most cloud services operating in European Union countries are a safe bet under their laws‚ but US-based services are more risky.
Cato said that as a cloud user‚ you would have to decide for yourself whether your service is on the safe side‚ but that there are checks you could run to avoid placing yourself at risk.
Cloud services should be safe to use if they are:
-Compliant with the ISO 27018 standard for protection of personal information. This is not a law‚ but rather a best-practice guide cloud service providers may choose to ascribe to
-Operating in a country that ascribes to European Union guidelines for the protection of personal information
If you are still unsure consult global law firm DLA Piper’s “Protection Laws of the World” guide.
Cato warned businesses‚ saying that in failing to comply with the POPI Act they may suffer costly reputational damage.
Would you like to comment on this article?
Register (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.
Trending
Latest Videos