We’ve all seen the warnings about encrypting sensitive files and being aware of phishing attempts that aim to steal our personal information. But there’s more to data privacy than meets the eye.
Data privacy breaches can have a significant impact on individuals and corporations alike in terms of reputational and financial repercussions. Online financial services are used more widely in Africa than anywhere else in the world. As Zimbabwe moves more towards being a cashless society, the finance sector is facing an increasing amount of cybercrime, including phishing and bank card cloning – both of which are on the rise.
Such breaches are not unique to Zimbabwe. For example, several Kenyan financial institutions have lost millions of dollars to cybercrime over the past few years, while a leading bank in Rwanda lost $10.3 million to fraudulent customer withdrawals in under three months.
It’s a critical concern for individuals and businesses globally, and more so for those operating in Africa, where the digital economy is growing by leaps and bounds.
In an effort to counteract these risks and safeguard the data of its citizens and businesses, Zimbabwe formally enacted the Data Protection Act [Chapter 11:24] on December 3, 2021. While the Act deals with aspects of cybersecurity and cybercrime, its primary focus is on data privacy and ensuring data protection for all data collected within the country, as well as outside the country and processed in Zimbabwe. It also includes some of the strictest penalties for non-compliance and breaches for data handlers.
1. Foster a top-down approach.
Ensure active involvement and support from senior management in data protection efforts. For instance, a multinational corporation might require all its senior executives to undergo annual data protection training that is filtered down to staff and allocate a portion of their budget to cybersecurity initiatives.
2. Designate a Data Protection Officer to oversee data protection efforts.
This senior-level person should have expertise in data protection laws and regulations and oversee compliance within the organisation. This role is crucial in ensuring that data privacy is prioritised and implemented effectively. For example, a healthcare company might recruit a seasoned legal professional with expertise in healthcare data privacy laws, responsible for ensuring compliance with regulations and conducting regular data privacy audits.
3. Provide regular training to employees on data protection best practices.
Ongoing training helps create a culture of data privacy within the organisation. An e-commerce company might implement a quarterly training programme covering topics such as recognising phishing attacks and secure handling of customer data. Employees also need to be aware of the risks involved with the use of artificial intelligence tools in terms of the information about your organisation that is (potentially) shared and (definitely) stored.
4. Implement a data classification system to categorise data based on its sensitivity.
Classify data based on its sensitivity, for instance as ‘public’, ‘internal-only’, ‘confidential’, and ‘restricted’. A financial institution, for example, might categorise its data into these levels, setting access controls accordingly. This helps control access to sensitive information and ensures that appropriate security measures are in place for each data category.
5. Always be mindful of retaining customer trust.
Build customer trust by being transparent about data collection and usage practices. For instance, an online retailer might prominently display its privacy policy on its website, detailing how customer data is collected, used, and protected. Clearly communicate to your customers how their information is being used and stored and implement privacy policies that outline your organisation’s commitment to data privacy.
6. Understand the concept of data privacy and its importance.
Data privacy refers to the protection of personal information from unauthorised access, use, or disclosure. A tech startup might include a module on data privacy in its onboarding programme for new hires, explaining the principles of data protection and the company’s commitment to safeguarding personal information. By defining data privacy and ensuring that all stakeholders understand its importance, organisations can create a framework for protecting sensitive information.
7. Always ensure meticulous regulatory compliance.
Ensure compliance with data protection laws and regulations relevant to your jurisdiction. For example, a global company operating in multiple jurisdictions might conduct regular audits to ensure compliance with GDPR and other relevant data protection regulations. Stay updated with changes in legislation and implement necessary changes to remain compliant.
8. Implement robust cyber security measures to protect against cyber threats.
Protect against cyber threats by using encryption, firewalls, and anti-virus software. A bank, for example, might implement multi-factor authentication for all online transactions, encrypt sensitive data, and regularly update its firewall and antivirus software to protect against the latest threats. Organisations like Liquid Zimbabwe can assist businesses with implementing the appropriate solutions.
9. Have regulatory approved/recommended agreements in place for cross-border data transfer.
Establish required agreements, such as intergroup transfer agreements, and recommended standard contractual clauses for lawful data transfers outside your country of operation. For instance, a multinational e-commerce company uses approved agreements to securely transfer customer data between its African offices. These agreements ensure that data is transferred securely and complies with data protection regulations.
10. Invest in local data storage solutions.
Local storage solutions not only ensure that local data regulatory requirements are met, but Also provide a cost-effective way to run sensitive latency business applications, with the required security features. For example, where a financial services company operates in multiple African countries, each will have its own set of data protection regulations. To comply with these regulations and ensure the security of customer data, the company invests in local data storage solutions in each country.
By proactively addressing and managing the security of data, organisations in Zimbabwe can strengthen their data privacy practices, mitigate risks, and build trust with customers and stakeholders.
This article was written by Lorreta Songola, Regional Chief Commercial Officer, Central Africa Region at Liquid Intelligent Technologies.
7 comments
Very educative
Kkk liquid liquid liquid
Itel S24 review please
Econet decided to remove 2hr combo bundles, everything is just 1hr ,they should give us enough time to use our data
How safe is students/parents information obtained from school management information systems be secured from abuse?. Like an open password is used by all students to access results and then change the password afterwards. Is that not risky?
Make data protection or privacy policy document available to all system users so they know their limit in a given system