Subscribe
About

A tale of two Acts

RICA and POPI both pertain to personal privacy rights and both require similar governance behaviours, says Anthony Olivier, MD of Performanta Consulting.

Everywhere, people want to talk about privacy. Or, more precisely, the Protection of Personal Information Act, 4 of 2013.

I get less interest - or recognition - when I mention RICA; or equally precisely: The Regulation of Interception of Communications and Provision of Communication-related Information Act, 70 of 2002. Which is enlightening: they both pertain to personal privacy rights, both constrain the behaviours of organisations, and both require similar governance behaviours, says Anthony Olivier, MD of Performanta Consulting.

RICA is, perhaps, not as marketable as POPI when selling solutions. Or it appears less relevant: applying to police interception perhaps. But, actually, the ambit of the Act is quite clear. Section 2 states: "no person may intentionally intercept or attempt to intercept or authorise or procure any other person to intercept, attempt to intercept at any place in the Republic any communication in the course of its occurrence or transmission".

To be blunt: this means you. And I. And every other organisation that chooses to monitor the activities of its staff - including those activities which could place the organisation at risk of compromising confidential information.

This is a good way to express this point: privacy is not a one-Act wonder. It rests at the intersection of multiple Acts, ranging from the Constitution onwards; and, while many of these Acts concur, there are occasionally contradictions - and complexities such as RICA. We must monitor to ensure we satisfy POPI - but we can't monitor without regard to RICA.

Like POPI, RICA is not absolute: it allows interception to occur within certain constraints. Where POPI needs an information officer, RICA needs a system controller. And similar to POPI, key controls can be implemented quickly and with little to no cost.

But the one gets attention and the other is barely noticed in the private sphere. And both matter.

The author

Anthony Olivier is the MD of Performanta Consulting, event sponsor of the ITWeb Security Summit, taking place from 27 - 29 May at the Sandton Convention Centre. Book your seat at www.securitysummit.co.za. Follow #itwebsec

Share

Editorial contacts

Leigh Angelo
ITP Communications
leigh@tradeprojects.co.za