Information Privacy and Governance

  • Length: 997 words (2.8 double-spaced pages)
  • Rating: Excellent

A number of high-profile organisations have suffered great reputational damage resulting from a proliferation of personal information breaches (Protecting Personal Information, 2010). Organisations have made substantial use of their customers' personal information without doing much to protect it. Organisations collecting personal information have had little impetus to consider the best privacy protection solutions, and people have not done anything drastic to initiate such action (Loss of privacy is price one pays to live in online world, 2011). It may take strong government regulation to propel organisations in this direction (Loss of privacy is price one pays to live in online world, 2011), leading to the pending implementation of the Protection of Personal Information Bill (POPI) (POPI: Threat or opportunity, 2010:22) in South Africa.

The POPI Bill will address the right to privacy, enforcing stringent measures on all public and private entities in South Africa to ensure that the personal information of individuals is protected. The Law Commission’s findings revealed that privacy laws are lacking in South Africa, despite the fact that the right to privacy is enshrined in the Constitution (Theophanides, 2010). POPI will pave the way for the constitutional right to privacy and will regulate the manner in which personal information is processed, providing individuals with the authority to protect their personal information (Theophanides, 2010).

To prepare for POPI compliance, organisations will have to initiate an organisation-wide privacy protection programme. A very interesting market development has been the rise of a privacy GRC (Governance, Risk and Compliance) market niche (Kim, 2010). The three keywords that emanate from this context, Governance, Risk and Compliance, are commensurate with GRC, one of the latest acronyms to embrace the financial world (Conte, 2007:62). The acronym GRC has infiltrated the business community over the last years (Racz et al., 2010a:106) and is an executive-level concern of many enterprises today (Krey et al., 2011:350). GRC is an integrated approach overseeing people, processes and technology in order to deliver stakeholder value while managing risk and complying with regulations and laws (Anand, 2010:57).

Many organizations get their first experience of a GRC program when they begin to implement a privacy program, because privacy is an enterprise issue that spans legal, IT, compliance and business operations (Privacy and GRC: What the New Ponemon Study and the GAPP is Telling us, 2011). The POPI Bill is not exclusively an IT, legal, process or security issue but a combination of all of these (POPI: Threat or opportunity, 2010:22).

How to Cite this Page

MLA Citation:
"Information Privacy and Governance." 18 Jun 2018

As such, the POPI Bill has multiple dimensions, which fall into the GRC processes. Many organizations still have to develop privacy GRC to effectively and efficiently meet the demands of the complexity of privacy, which essentially means that "privacy must run like a business" (Kominars, 2010).

According to a survey conducted by the Ponemon Institute in 2011, 76% of respondents stated that privacy is an important aspect of IT-GRC activities and 71% stated that privacy-related issues are important to the legal GRC domain (The Role of Governance, Risk Management & Compliance in Organizations: Study of GRC practitioners, 2011:2). This means that it is important to study privacy within the context of IT-GRC and Legal GRC, hereafter referred to as ITL-GRC. IT-GRC is a framework that ensures IT decisions take into consideration business goals and values (Jokonya and Lubbe, 2009:116). Legal GRC includes managing controls for regulatory compliance and contractual requirements, an example of which is privacy and consumer protection management (The Role of Governance, Risk Management & Compliance in Organizations: Study of GRC practitioners, 2011:1).

This study considers the concept of an ITL-GRC framework as a meaningful approach to the Governance and Management of personal information. Both the Governance and Management disciplines are covered because data management and governance have been neglected by most organisations, but the POPI Act is about to change this (Davies, 2011). Therefore, in preparation for the POPI Bill, both Governance and Management will be covered.

The purpose of this research is to develop a framework that will address the effective and efficient Governance and Management of Information Privacy in a holistic manner. According to the Business Dictionary (2011), a "framework is a broad overview, outline, or skeleton of interlinked items, which supports a particular approach to a specific objective, and serves as a guide that can be modified as required by adding or deleting items".

It is important to distinguish between the terms framework and conceptual framework. A conceptual framework, according to educational researcher Smyth (2004), is a tool to uncover research to enable a researcher to make sense of subsequent findings. He further adds that a conceptual framework is a point of departure about the research and its context. The framework is a tool to assist the researcher to develop an awareness of the particular situation under study and to communicate this (Smyth, 2004:167).

Smyth (2004:167) states that a conceptual framework can be used to provide links from the literature to research goals and questions, influence the research design and provide points for discussion of literature, methodology and analysis of data. In the context of this study, a conceptual framework will be used to obtain the research goal and research design.

A framework will be an outline of ITL-GRC items interlinked to support the Governance and Management of Information Privacy, and it serves as a guide for strategic and tactical management.

The objective of the framework is to proactively inform, educate and influence top executives and management regarding the Governance and Management of Information Privacy within their respective organisations. Furthermore, it provides a set of metrics to communicate the status of Information Privacy to improve the Information Privacy posture of the organisation.

The approach and application of each component of ITL-GRC provide a unique contribution to Information Privacy Governance and Management. When the components of ITL-GRC are applied together in a well-designed, planned and coordinated manner, they provide a distinctive solution to the proactive planning of Information Privacy Governance and Management.
