Comparing the protection and use of online personal information in South Africa and the United Kingdom in line with data protection requirements. (28th August 2019)
- Record Type:
- Journal Article
- Title:
- Comparing the protection and use of online personal information in South Africa and the United Kingdom in line with data protection requirements. (28th August 2019)
- Main Title:
- Comparing the protection and use of online personal information in South Africa and the United Kingdom in line with data protection requirements
- Authors:
- Da Veiga, Adéle
Vorster, Ruthea
Li, Fudong
Clarke, Nathan
Furnell, Steven M. - Abstract:
- Abstract : Purpose: The purpose of this study was to investigate the difference between South Africa (SA) and the United Kingdom (UK) in terms of data protection compliance with the aim to establish if a country that has had data protection in place for a longer period of time has a higher level of compliance with data protection requirements in comparison with a country that is preparing for compliance. Design/methodology/approach: An insurance industry multi-case study within the online insurance services environment was conducted. Personal information of four newly created consumer profiles was deposited to 10 random insurance organisation websites in each country to evaluate a number of data privacy requirements of the Data Protection Act and Protection of Personal Information Act. Findings: The results demonstrate that not all the insurance organisations honored the selected opt-out preference for receiving direct marketing material. This was evident in direct marketing material that was sent from the insurance organisations in the sample to both the SA and UK consumer profiles who opted out for it. A total of 42 unsolicited third-party contacts were received by the SA consumer profiles, whereas the UK consumer profiles did not receive any third-party direct marketing. It was also found that the minimality principle is not always met by both SA and UK organisations. Research limitations/implications: As a jurisdiction with a heavy stance towards privacy implementationAbstract : Purpose: The purpose of this study was to investigate the difference between South Africa (SA) and the United Kingdom (UK) in terms of data protection compliance with the aim to establish if a country that has had data protection in place for a longer period of time has a higher level of compliance with data protection requirements in comparison with a country that is preparing for compliance. Design/methodology/approach: An insurance industry multi-case study within the online insurance services environment was conducted. Personal information of four newly created consumer profiles was deposited to 10 random insurance organisation websites in each country to evaluate a number of data privacy requirements of the Data Protection Act and Protection of Personal Information Act. Findings: The results demonstrate that not all the insurance organisations honored the selected opt-out preference for receiving direct marketing material. This was evident in direct marketing material that was sent from the insurance organisations in the sample to both the SA and UK consumer profiles who opted out for it. A total of 42 unsolicited third-party contacts were received by the SA consumer profiles, whereas the UK consumer profiles did not receive any third-party direct marketing. It was also found that the minimality principle is not always met by both SA and UK organisations. Research limitations/implications: As a jurisdiction with a heavy stance towards privacy implementation and regulation, it was found that the UK is more compliant than SA in terms of implementation of the evaluated data protection requirements included in the scope of this study, however not fully compliant. Originality/value: Based upon the results obtained from this research, it suggests that the SA insurance organisations should ensure that the non-compliance aspects relating to direct marketing and sharing data with third parties are addressed. SA insurance companies should learn from the manner in which the UK insurance organisations implement these privacy requirements. Furthermore, the UK insurance organisations should focus on improved compliance for direct marking and the minimality principle. The study indicates the positive role that data protection legislation plays in a county like the UK, with a more mature stance toward compliance with data protection legislation. … (more)
- Is Part Of:
- Information and computer security. Volume 28:Number 3(2020)
- Journal:
- Information and computer security
- Issue:
- Volume 28:Number 3(2020)
- Issue Display:
- Volume 28, Issue 3 (2020)
- Year:
- 2020
- Volume:
- 28
- Issue:
- 3
- Issue Sort Value:
- 2020-0028-0003-0000
- Page Start:
- 399
- Page End:
- 422
- Publication Date:
- 2019-08-28
- Subjects:
- Law -- Privacy -- Security -- POPIA -- Protection of Personal Information Act -- DPA -- Data Protection Act -- GDPR -- General Data Protection Regulation -- Personal information -- Consumer -- Direct marketing -- Opt-in -- Opt-out -- Compliance -- Legal
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47 - Journal URLs:
- http://www.emeraldinsight.com/loi/ics ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/ICS-11-2018-0135 ↗
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 22219.xml