Budget impact of POPI Act compliance:

[Tetelestai]

Dear Members

It has come to the attention of SADPA Exco that the pending promulgation of the Protection of Personal Information (POPI) Act, Number 4 of 2013, will put SADPA in a state of non-compliance and expose the organisation to legal liability. In view of this, the Exco has decided to effect the required changes to bring SADPA in compliance with the POPI Act before end June 2018. The most significant change will be the transfer of SADPA's website, including the online database, to a more secure platform. Aside from ensuring compliance in the safeguarding of our members' personal information, the move will also have the benefit of providing SADPA with an email system to replace the Yahoo Groups.

Unfortunately, this comes at a cost. The Exco is presently reviewing quotations but we are looking at about R5000.00 per month. We hereby notify our membership of the increased cost and over-expenditure on the budget line item for web services that will result from this necessary change.

Yours in shooting

JA Hoogenboezem
SADPA Treasurer

* Posted here from other communication forums5to ensure Exco reaches as many members as soon as possible.

[th3wall27]

So as part of my company I do POPI compliance checks for companies. And with every initial meeting I have with any company, it always comes down to." This is going to cost us a fortune to comply,retrain staff and secure data. How does the government expect us to comply within a couple of months" Protection of Personal Information Act, No 4 of 2013 . And now everyone has to jump. Eish.

[Tetelestai]

We're just fortunate to have had two very IT-savvy guys at the SADPA Exco meeting last night. We might have missed this completely.

[atunguyd]

R5k a month for a website and email hosting? Is SADPA seen as a government department these days?

Sent from my SM-N950F using Tapatalk

[armandvdwalt]

Yes that is way to high for hosting, I would advise the members of SADPA toe query this and maybe help them to contact a developer that won't charge them an arm and a leg just because they can take advantage of them.

[Tetelestai]

Guys, one of the problems is we need to do this QUICKLY. I did mention that two members around the table work with this daily so it's not like someone just vomited a price and we had to bite. We are looking at lower costs but as Treasurer I need to box clever and put a maximum amount on the initial urgent communique. I'd be stupid if I didn't!

I saw some technical documentation on the requirements this morning. It is a far, far cry from hosting. Members are welcome to look at the budget report for 2017 to see our combined cost for hosting and Web development costs then - we know how cheap it is. The security vulnerabilities that come with that cheapness though...

[SSP]

I trust that there will be transparency with regard to the appointment of the company who will attend to this.

In other words, a disclosure of interests if there are any.

[supra]

The problem is not the website that is not secure
Problem comes that this point in time we uses a shared hosting services as well as a shared hosting service for database. Which is the normal hosting types that is being provided by isp’s.
Going to a Dedicated own servers with zero shared services except internet fiber is the issue. If anybody got a provider that can provide two servers that dont use any shared services with a 3rd party it would be much appreciated for that information.

[supra]

I trust that there will be transparency with regard to the appointment of the company who will attend to this.

In other words, a disclosure of interests if there are any.

I’ve asked a couple of service providers to sent directly proposals to exco.
Requirements from a PCI DSS and ISO21007 security franework has been given as a minumum service requirement.