Legislation for the protection of data privacy in South Africa has finally been crystallized into the Protection of Personal Information (POPI) Act. The main purpose of this law is to protect the personal customer information held by organizations.
In view of the Act, South African businesses need to re-evaluate how they store and process customer information and mobile data. The POPI Act holds organizations accountable for the mismanagement of information. Companies are responsible for the data they hold on their customers, and have to avoid unauthorized diffusion, loss and leakage of any information.
With the adoption of smartphones and tablets, the consumerization of IT has created a new challenge for organizations: the obligation to be compliant with legislation even outside their perimeters. Companies are responsible to maintain the same level of protection of customer information on their employees’ devices. If an employee loses his phone or the phone gets infected by a virus, the company remains responsible for any customer data that were saved on it.
POPI Act - Building a Compliance Company Policy
The advantages of BYOD (Bring Your Own Device) and workforce mobility have an important role in the success of businesses today. To gain the full benefits without any risk, companies have to put strong processes in place to prevent accidental or deliberate data leakages, and to prevent malware infections. In practice, this means that organizations should make sure that they have a solution that allows for end-to-end control over how data on mobile devices is managed at rest and in transit.
The company policy must govern behaviour in particular situations when the integrity of customer data can be at risk:
- Wipe data off the device if it is lost or stolen, so as not to allow anyone to read corporate data.
- Remove the Email and WIFI configurations, to prevent a break in the corporate perimeter.
- Whitelist/Blacklist apps, to reduce the risk of malware on the device.
POPI Act - Compliance with 2X MDM
2X MDM is a mobile device management platform that provides an easy and affordable solution for compliance with the requirements of the POPI Act. 2X MDM supports data security even when a device is outside your perimeter. Through 2X MDM, you can change the password remotely (even through SMS) and lock the device, to protect all of the data until the device is retrieved.
You can restore the device to its factory settings, wiping data completely from the device and from any SD card. From a central console, 2X MDM can distribute strong password policies, and WiFi and Email configurations. It is possible to track and monitor all your devices in real time, with regard to location, data usage and applications installed. Read more.
POPI Act - Conclusion
It is essential to take the time to develop and implement a formal mobile device management strategy for an organization, as the POPI ACT prescribes severe penalties for companies that do not meet its requirements. Also, company reputation can suffer through non-compliance. 2X MDM supports you in creating a policy to keep your organization compliant with the POPI Act, while gaining outstanding control of your mobile fleet and increasing remote user productivity.