Features sponsored by the Samsung Galaxy S22 series:

Recently we were able to spend some time with Cisco, speaking about the always relevant issue of Data Privacy. Conrad Steyn, the CTO and head of engineering at Cisco South Africa, tells Ryan Noik why data privacy is so essential and elaborates on some of the findings of its latest Data Privacy report.

RN: How has the attitude towards data privacy changed over the past two years, and has the pandemic, work from home and the stresses on businesses and individuals alike influenced this?

CS: The importance and relevance of data privacy continues to be top of mind for consumers as well as organisations and are seen to be a top influencer when making buying decisions.

During the pandemic period we have seen a large number of security breaches, data leaks, technology security gaps which has placed a new emphasis on data security with the introduction of new legislation for example the Protection of Personal Information Act.

Consumers now question the ability of the service provider to guarantee data privacy and security as part of their offering and expect governance to be applied when data leaks or breaches occur, it has become the norm.

RN: Data privacy is often spoken about as an obligation for regulatory compliance. Is it still primarily a compliance issue, or has it expanded beyond that? If so, how?

CS: Privacy laws provide important reassurances for companies doing business together. While privacy regulations come with added cost and effort, organisations are increasingly recognising the value of these protections and are overwhelmingly supportive of these laws. .

Cisco’s 2022 report found that privacy is mission-critical, as 90 percent consider privacy a business imperative. In fact, the survey showed privacy investment continues to rise and organisations see a high return on investments from privacy spending.

RN: How is South Africa faring with regards to abiding by data privacy laws? How seriously are they taken here?

CS: In many organisations including South Africa, POPIA legislation is well received in spite of the effort that is required to support it. For instance, in order to implement it, organisations are required to put in quite a bit of effort as well as commit to carrying the cost implications one can associate with cataloguing data, maintaining records and implementing controls.

But the benefits outweigh the negatives as at least 83 percent of all corporate respondents in the Cisco survey said privacy laws have had a positive impact, with only three percent indicating that the laws have had a negative impact on their businesses. 

RN: Are there weak areas that need to be addressed on data privacy from a national perspective, that need to be improved on?  

CS: We have seen the introduction of the Protection of Personal Information Act which came into effect on the 30th of June 2021, which has established a framework for data privacy and protection but requires stricter enforcement and penalties from Government as there are still cases of large data leaks occurring across all sectors in South Africa.

The recently announced Cybercrimes Act in conjunction with Section 3 of the POPI act should assist with data privacy and reducing data leakages, as it is now a criminal offence and punishable by law.

RN: What are some of the benefits that data privacy brings?

CS: As organisations continue to generate more and more data, the benefit of data privacy continues to increase as well.

It was noted in the survey that many organisations are now seeing the value that securing their businesses realises with over 60% realising significant business valued from privacy measures,  especially when it comes to reducing sales delays, mitigating losses from data breaches, enabling innovation, achieving efficiency, building trust with customers, and making their company more attractive to consumers. 

RN: Can you speak to the expectations around data privacy and to the extent to which it is valued by end users?

CS: End users have confirmed that they will support businesses that take data privacy seriously and so it is that taking privacy seriously affects the bottom line.

These same customers say that they expect a company to specify and clearly express their privacy policies and this tells us that it is also becoming more normal for customers to demand that organisations set higher standards than those specified in regulatory requirements.

RN: To what extent is protecting users’ data privacy effectively a business differentiator? How can data privacy be used to generate business and help businesses improve their bottom line?

CS: Cisco’s privacy study also revealed that companies are benefitting from their privacy investments beyond compliance.

It can be a differentiator, as the chances of a breach decreases within an organisation that has implemented data privacy measures.

Should a breach occur, there is a high chance that fewer data records will be impacted, saving the company a lot of time, money and valuable data that can be used to improve the business and make it a success.

RN: Do you find that users’ esteem and trust in a company changes dramatically based on whether it succeeds, or fails at protecting their personal data? Or do users now largely shrug it off when a company is breached, and they hear that their personal data may have been compromised?

CS: We surveyed 5 000 respondents in 27 geographies and most of them agree that they would not buy from an organisation that does not properly protect its data and a further 91 percent indicated that external privacy certifications are important in their buying process.

What this tells us is that trust is dramatically affected as customers tend to have a high value of their personal data and it is vital to them that the businesses they deal with put provisions against the possibility of a breach in place.

RN: What core advice would you give organisations with regards to data privacy now, in 2022?

CS: Privacy should be considered when building the strategy of a business and not only be considered as a compliance box to check.

To prevent a data breach incident, organisations need to understand what weaknesses attackers will typically target to gain unauthorised access to high-value data they want to steal, compromise, or even destroy as this insight can be used to help improve defences.