Subscribe to industry newsletters

Search jobs

Where data meets sustainable growth, the protection of information should be inherent

It creates a clear ethical crossroad when data meets profit. At any kind of crossroad, one usually finds that there is some form of governing sign - let's call it a framework. The end goal is to protect the boundaries of such a junction and establish fair rules for both sides to operate within. Profitability should not be the result at the cost of raw or processed data.
Where data meets sustainable growth, the protection of information should be inherent

You don't have to search too far to decipher just how valuable accurate data insights have become. It's the new currency. It's the new oil.

It’s been said a thousand times and if still in disbelief, well, look at the Google search data.

A currency is only as good as the products it allows you to purchase. Oil is only as valuable as the energy it can generate. Let’s face it, if left unprocessed its value plummets and the unprocessed commodity becomes a nuisance and a disaster waiting to happen in the form of a breach or a leak. Remember that time during the Covid-19 pandemic when most of the world’s oil tankers were stuck off ports of entry and couldn’t be stored or processed anywhere?

Francois Kriel, change management consultant at Kriel & Co, agrees that data is no different than oil.

He particularly agrees with a 2017 study by Martin, Borah and Palmatier published in the Journal of Marketing, which explores customer data vulnerability. The study suggests that transparency and control are two key factors that mitigate the effects of vulnerability.

Data equals value

Kriel says: “It is true that ethically obtained data is only useful when gathered and processed completely, accurately and in a timely manner. Rich data becomes a storytelling tool allowing organisations to react to ever-changing market forces and be intentional in their decision-making, often with efficiency and ROI metrics as key outcomes.

“It creates a clear ethical crossroad when data meets profit. At any kind of crossroad, one usually finds that there is some form of governing sign – let’s call it a framework. The end goal is to protect the boundaries of such a junction and establish fair rules for both sides to operate within. Profitability should not be the result at the cost of raw or processed data,” argues Kriel.

“The very fact that companies are outpacing their peers in revenue growth and profitability as they excel at integrating data into their organisational strategy, operations and culture is a clear call that decision-makers should embrace the protection of every stakeholder in the value chain. Data processing is becoming a distinct component tied to other products and services designed to enlarge not only marketing impact, but also organisational growth,” he says.

Readiness of South African organisations to protect data

According to Internet World Stats the African context for data explosion and exploitation is an interesting example. Internet connectivity mushroomed after the first undersea cables were laid. Today, broadband penetration in Africa currently stands at almost 40% per capita.

Even though South African organisations have been at the forefront of the African data charge, our country has been lacking sophisticated legislation governing the processing of data up to this point.

With the main provisions of the act commencing in July 2020, the Protection of Personal Information Act of 2013 (PoPIA) affords South African organisations a grace period until July 2021 to bring the necessary changes to their policies, systems and frameworks to effectively protect the data of customers, clients, partners, suppliers and employees they are responsible for.

Data privacy law expert Ridwaan Boda explains the relevance of the new legislation and why protecting data and private information goes even further than ethics.

“Whilst many African organisations are weary about compliance with legislation such the European Union General Data Protection Regulation (GDPR) with some commentators stating that it is first world laws, which should not apply to the developing world, it is critical to appreciate that the right to privacy is an inherent human right, and our Constitution encapsulates the right to privacy for all of us as individuals and organisations. African law-makers accept this, and many African countries have passed or are in the process of passing legislation to give effect to the right to privacy. There is a misconception that African organisations do not need to comply with privacy legislation when the reality is compliance is not only a legal necessity, but it just makes good business sense to comply,” says Boda.

Boda is a globally recognised expert in the field of data privacy law and is partner at top-tier law firm ENSafrica, which forms part of a multidisciplinary duo acting in partnership with change management consultancy Kriel & Co. Together they are positioned to help map, reevaluate, or change and manage an organisation’s legal approach and ICT adoption towards managing personal information in compliance with the PoPIA. This is called a ‘privacy by design approach’.

The future is framed by data infrastructure functions

A recent Forbes contribution argues that data analytics pioneers such as Google and Facebook have led the way in showing the world you can build a very large and profitable business based solely on the collection and analysis of data.

Kriel agrees that more organisations will be turned into data brokers in the near future and will become part of the next wave contributing to the global data economy.

“This is not to say that every organisation will scale up to become a Google or a Facebook, but there is a realisation that an organisation’s systems and processes cannot only be perceived as an overhead cost, but a value creation centre,” says Kriel.

It is at this juncture, and knowing that data is a valuable commodity, that organisations are sitting up, taking note and making an actual effort to protect the privacy and personal information of individuals and organisations.

Boda agrees that the right to privacy is especially applicable in the digital age. He says that privacy laws are in place for that very reason and at an important junction in the data age – to protect our constitutionally enshrined right to privacy.

Boda says the law is designed to protect a very simple set of conditions; conditions that companies dealing with information of both private individuals as well as juristic persons need to adhere to. For example in a simplified explanation he cautions to: “Treat information you are handling securely, keep it safe, don’t use it for purposes it is not intended for, don’t overshare information and make sure you handle information carefully.”

Starting is easier than you think

Coming back to the principles of implementing control and transparency, Kriel points out a few of the recommendations highlighted by Martin et al that every organisation can employ as a start to mitigating the immediate risks associated with protecting the data within your ecosystem.

Act with transparency

Kriel says acting with transparency is easier than you might believe. For instance, an organisation can already start to mitigate any perceived risks at the point where data subjects (i.e. your customers) provide personal information to be stored and processed.

At the point of data entry or processing (for instance when signing up to a database), clearly explain the terms via a well drafted privacy policy. Positioned anywhere on your website and held at the company offices, your PAIA (Promotion of Access to Information Act) manual should make the contact procedure available to anyone with questions or requests when you act in accordance with the PoPIA.

Also consider finding an easy way of explaining how you intend to capture, use or share any data collected internally or with third parties in an interactive or engaging manner. Simply directing users to a policy is neither educating, nor informative.

Offer as much control as possible to the user or data subject

Kriel says every organisation should be questioning its assumptions related to processing and storage of information. For instance, does your organisation have one centralised database of all customer data protected by the relevant safeguards (such as two-factor authentication). Or do you have multiple, fragmented databases across multiple systems – or worse – Excel spreadsheets? The practices of yesteryear that were ‘convenient and cheap’ when managing information are no longer going to serve the organisation‘s best interests – let alone protect your customer.

It’s a fair prediction to make that data will continue to dominate the world in the 2020s. The PoPIA framework of protection comes at a golden and opportune time. It provides for an opportunity to look back at how organisations have treated its data. Your valuable commodity is waiting to be used in the most ethical way.

To learn more about the privacy impact assessment options to fit the needs of any size organisation that is committed towards protecting your precious commodity – data – please contact the multi-disciplinary change management consultant and attorney team of Kriel & Co and ENSafrica at moc.ocdnaleirk@olleh

Kriel  & Co
Francois Kriel is an IMCSA accredited management consultant with change management and digital transformation as specialisation areas. He works full-time as director at Kriel & Co where he leads a dynamic team currently facilitating digital change at several high-profile organisations. Francois also supports Stellenbosch University as guest lecturer to business management honours students. He is an advocate for collaborative leadership, mentorship and LGBTQI+ inclusivity.
Read more: ENSafrica, POPIA, Kriel & Co

Let's do Biz