Thumbnail Image

Tomorrow’s privacy: Information security at South African universities— implications for biomedical research

Anderson, D.
Abiodun, O.P.
Christoffels, A.
In South Africa, a similar regulation strategy to the European Union General Data Protection Regulation, called the Protection of Personal Information Act (No 4 of 2013) (POPIA), will be implemented, with a view to mitigate cybercrime and information security vulnerabilities. A qualitative exploratory analysis of information security management at universities in South Africa, using a Technology, Organisation, and Environment model, highlights the need for maintaining the security infrastructure to facilitate management of security within the university network, while placing emphasis on information security management processes, such as risk analysis, architecture review, code inspection, and security testing. Organizational factors were the most critical factors when compared to the technological and environmental factors which appear to influence the effectiveness of information security measures and, subsequently, data regulation readiness. Universities will have to balance the implementation of tangible solutions to mitigate risks within the scope of their budget while promoting user compliance, despite perceived ‘restrictions.’ For biomedical researchers, questions remain on the impact of POPIA legislation on data sharing, open science, and collaborations.
Journal Title
Journal ISSN
Volume Title
Oxford University Press
Research Projects
Organizational Units
Journal Issue
Information security , Data privacy , University , Biomedical research , POPIA , Data sharing
Anderson D, Abiodun P.O, Christoffels A. Tomorrow’s privacy: Information security at South African universities—implications for biomedical research. International Data Privacy Law. 2020 May,10(2);180-186. doi.org/10.1093/idpl/ipaa007
Embedded videos