SA's lack of data privacy legislation may affect global trade

As the South African economy continues to grow so does its global competitiveness, but local trading partners will have to fall in line with their overseas counterparts and beef-up their internal data privacy systems if they want to trade internationally.

That's the word from Salome Kwant, regional technology manager Compuware Middle East Africa, who says that as more companies look to deal with South African companies, they will require internationally accepted data privacy regulations.

"Because we have little or no legislation in this regard we lag behind our global partners and this could lead to losing lucrative contracts and embarrassment. It's important that we have the right laws place, but until then companies should take the initiative and implement their own data privacy systems," says Kwant.

Deneys Reitz legal expert, Rohan Isaacs, says that about 30 countries around the world have active data protection legislation in place which deals with the manner of collection, handling and transfer of data - these include SA's major trading partners in Europe.

In comparison, SA's Electronic Communications and Transactions Act of 2002 contains certain provisions which the collectors of private information in electronic form may follow, there is no compulsion to adherence nor any sanction for non-compliance.

"When this Act was passed it was anticipated that data protection legislation would be introduced to deal with this area in a more comprehensive and binding manner," he explains.

"About two years ago, the South African Law Commission produced a report on data protection and recommended that legislation be passed in South Africa. That has, however, not as yet occurred."

Isaacs says that the security of confidential information is increasingly important as the quantity of data and its accessibility expands. "Inevitably SA will have to enact data protection-specific legislation if it is to achieve a competitive space in the world economy.

'And it can be expected that corporations from our major trading partners will increasingly require assurances from South African entities that their confidential data will be subject to legal protection."

Compuware's Kwant notes that while some organisations in South Africa do have certain levels of data protection in place, they do not have the expertise to regulate it.

"Often they are unable to test the applications where the critical data is stored. They need to examine the environment and determine whether data needs to be scrambled and or encrypted. There are many aspects to data protection and it experienced personnel and tools are required to ensure that data privacy systems are properly deployed according to the businesses or industries they serve," says Kwant

Compuware globally, she points out, has been assisting customers with the methodologies and toolsets to ensure that their data is compliant to the laws of the countries they reside in and that they deal with.