Snap, Crackle, POPI

[Image: a man holding a newspaper with the headline "The world is changing". Quote from Heraclitus: "There is nothing permanent except change."]

The Protection of Personal Information Act (POPIA) goes live on 1 July 2021. It places a huge burden on all organisations — from the one-person accounting firm to the big banks.

All about protection

POPIA is about what personal data we collect, why we collect it, and how we use it. But even more than that, it is about how we protect that data.

There's a data breach in the news almost daily — and many more that aren't made public.

I expect that many companies have appointed a team to understand what POPIA requires of them. And there will be developers working overtime to make changes to the systems. Although we are a small company, POPIA is a big item on my to-do list right now.

When will DoL WAKE UP?

This makes my recent experience on the Department of Labour website even more horrifying.

Every employer must register with the Compensation Fund and pay annual assessment fees. Last week I wanted to get our Return of Earnings submission in. (FYI: That didn't work. Although the deadline used to be 31 March, the system isn't open for submissions yet.)

It happened last year. It happened the year before. It happened again this year. The DoL site rejected my username and password combination — which I know is correct, because I use a password manager. So I had to reset my password. And guess what? DoL emailed me the old password in PLAIN TEXT!

And then I, like a careful user, reset my password. And guess what? DoL emailed me the new password in PLAIN TEXT! And not only my password: it also sent my full name and ID number.

I am ... Angry. Bothered. Confounded. Disconcerted. Enraged. Furious. Pick any letter of the alphabet, and I'll find a suitable adjective to describe my horror. Hence my use of uppercase in the heading above.

And this is not new. The labour.gov.za site has been on the list of plain-text offenders since 2013. I posted a complaint about this on our Facebook page in 2018. If DoL hasn't addressed this for the past 8 years, will POPIA make a difference?
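The two emails described above tell a developer two things. A site that can send you your *old* password on request must be keeping it in a readable form, because a properly hashed password cannot be recovered. And a reset that mails the *new* password is no better: a credential in a mailbox is a credential in every backup, forwarding rule and phished webmail account. The example below is added here and is not code from this post or from the DoL system. It puts the anti-pattern beside the flow a practitioner would expect: store a salted, slow hash; on reset, mail a single-use, time-limited link whose token is never stored in the clear; and make the confirmation message carry nothing secret. The account store, the outbox list standing in for an SMTP queue, the `example.invalid` link and the function names are all constructed for illustration.

```python
"""Password reset: the pattern the post describes, beside the safe one.

Constructed, self-contained example: an in-memory account store and a list
standing in for the outgoing mail queue. Names such as AccountStore,
request_reset and complete_reset are illustrative, not any real system's API.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

# PBKDF2-HMAC-SHA256 is used because it ships with the standard library;
# in production prefer argon2id or bcrypt (third-party packages).
PBKDF2_ITERATIONS = 100_000
RESET_TOKEN_TTL_SECONDS = 15 * 60


# --- the anti-pattern: a site that can mail you your OLD password -----------
def insecure_recover(plaintext_store: dict, outbox: list, email: str) -> None:
    """Only possible if the password is kept in readable form. This is the
    capability to recognise and remove, not a feature."""
    outbox.append((email, f"Your password is: {plaintext_store[email]}"))


# --- the hardened flow ------------------------------------------------------
def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Return (salt, digest). A random per-user salt defeats precomputed tables;
    the iteration count makes offline guessing slow."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)  # constant-time comparison


@dataclass
class Account:
    email: str
    salt: bytes
    pw_hash: bytes
    # Only a hash of the reset token is stored: a leaked database table
    # must not hand out live reset links.
    reset_token_hash: Optional[bytes] = None
    reset_expires_at: float = 0.0


@dataclass
class AccountStore:
    accounts: dict = field(default_factory=dict)
    outbox: list = field(default_factory=list)  # (recipient, body) pairs

    def register(self, email: str, password: str) -> None:
        salt, pw_hash = hash_password(password)
        self.accounts[email] = Account(email, salt, pw_hash)

    def login(self, email: str, password: str) -> bool:
        acct = self.accounts.get(email)
        return acct is not None and verify_password(password, acct.salt, acct.pw_hash)

    def request_reset(self, email: str, now: Optional[float] = None) -> Optional[str]:
        """Mail a single-use, time-limited link. The token is returned here
        only so the demo can 'click' it; a real handler returns nothing."""
        now = time.time() if now is None else now
        acct = self.accounts.get(email)
        if acct is None:
            return None  # the web response looks the same either way: no user enumeration
        token = secrets.token_urlsafe(32)
        acct.reset_token_hash = hashlib.sha256(token.encode()).digest()
        acct.reset_expires_at = now + RESET_TOKEN_TTL_SECONDS
        self.outbox.append((email,
            "Someone asked to reset the password for this account. If that was you, open\n"
            f"https://example.invalid/reset?token={token}\n"
            "within 15 minutes. If it wasn't you, ignore this message."))
        return token

    def complete_reset(self, token: str, new_password: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        token_hash = hashlib.sha256(token.encode()).digest()
        for acct in self.accounts.values():
            if acct.reset_token_hash is None or not hmac.compare_digest(acct.reset_token_hash, token_hash):
                continue
            acct.reset_token_hash = None  # single use, whether or not it is still valid
            if now > acct.reset_expires_at:
                return False  # expired: the user has to ask again
            acct.salt, acct.pw_hash = hash_password(new_password)
            # The confirmation tells the user that something changed, and nothing else.
            self.outbox.append((acct.email,
                "Your password was changed just now. If this wasn't you, contact support."))
            return True
        return False  # unknown or already-used token
```

Neither message in the hardened outbox contains a credential: the reset mail carries a random token whose SHA-256 is the only thing the server keeps, and the confirmation carries nothing at all. The `now` parameter exists so expiry can be exercised without waiting fifteen minutes; the same check runs against the clock in a real handler.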

Security is not just for specialists

We all have to do some retro-fitting to make our processes and systems more secure. But security and privacy really need to be built into the entire development process.

Not everyone needs to be a security (or a POPIA) expert. But I believe that everyone involved in software development needs some basic understanding of security concepts. That includes the users and the system owners and the business analysts. (You can read more about this in our blog post about secure analysis.)

That's why we created the Introduction to Web Application Security course: you don't want to make the news because of a data breach.

Any suggestions for waking up DoL? Any plans to train your team in basic security concepts? Please share your thoughts and experiences.
