ICT law conference highlights SA’s security risks

Legal experts said that it was the duty of the company to take certain precautions to reduce its ICT security risks. Attorney Reinhardt Buys noted that although SA does not have legislation that specifically covers IT security, there were various ways in which a company could be culpable if there was a security breach. In addition, Jan Snyman, legal advisor for the Sasol group of companies, stated that legal precedents had also shown that an employer could be forced to assume a vicarious liability for the misconduct of its employees. Snyman noted that statistics have shown employees carry out at least 80% of security breaches, reports ITWeb. Attorney Lance Michalson suggested that companies should invest in their human resources as much as they do in their security software. ‘It\'s no use installing security software when the greatest threat the company faces is the employees walking around carrying memory sticks,’ he said. Experts agreed that the first step to reducing risk was to develop an ICT security policy and to train employees on its content. Full ITWeb report

The requirements of the Promotion of Access to Information Act were also discussed at the conference, reports E-Brief News. Legal experts said that the interests of the company needed to be weighed against the need to provide information, while juggling the practical considerations, which come into play when trying to meet the requirements of various ICT laws. John Giles, of Harty Rushmere Attorneys, addressed some of the issues. He said: ‘The Act is all about balancing interests.’ A company should balance the customer’s need for information against whether disclosure would harm the company. But, ITWeb notes, for many delegates, the key issue was how to store information so that it was easily accessible. Full ITWeb report