…..article dated 4 July…..
Data sovereignity and more security called for….
Anchor legislation governing issues which include digital infrastructure; access to data and cloud services; data protection and certain cybersecurity measures are likely to be legislated for as a result of the current move by the Department of Communications and Digital Technologies (DCDT) to establish what is termed a National Data and Cloud Policy.
DCDT state that a clear policy on data and cloud services is necessary for South Africa to enter what is commonly being termed as the Fourth Industrial Revolution (4IR). Such matters on which a policy is to be established include governance and institutional mechanisms; competition issues within the industry; skills and capacity development, research and innovation and all related human capital development.
The final overall policy will be designed to ensure an informed platform for development based on correct data analytics necessary in order to promote South Africa’s data sovereignty and security, DCDT concludes.
Looking to the future
In a government gazette which called for industry comment, DCDT stated its objectives are the promotion of connectivity and access to data and cloud services in the 4IR; removing regulatory barriers and enabling competition; ensuring implementation of effective cybersecurity privacy and data and cloud infrastructure protection measures. The date for comment closed on 18 May.
Recently Minister Stella Ndabeni-Abrahams disclosed that DCDT were in possession of some 17,000 replies and that they were sifting through all of these in search of additional value. A major consideration, she said, was not only putting institutional mechanisms in place for the governance of data and cloud services but to “support the development of small, medium, and micro enterprises and providing for research, innovation, and human capital development.”
The Minister emphasized that any draft policy had to be about “Reinforcing the acceleration of the rollout of digital infrastructure to reinforce a connected society”. Once again, DCDT proposed that the existing networks of state-owned enterprises, such as Sentech and Broadband Infraco, be consolidated to form a state digital infrastructure company (SDIC) which new SOE will then provide network connectivity.
The draft policy points out that in order to unlock the value of data, there are “key policy issues that need to be addressed such as increasing the pool of collectable data, enhancing data analytic capacities, and promoting responsible decision making for growth and well-being”.
The policy, once finalised, will apply to the all levels of the public sector, the private sector and the general public, says DCDT. The draft document proposes that a Digital Transformation Centre (DTC) be established for purposes of “steering 4IR technologies”.
Most likely a White Paper will follow, the first document in the parliamentary process. DCDT comments on the need to develop what they say is “an open data framework” and a whole section of the proposed policy will be devoted to cloud computing services which, it is stated, will “enhance the potential of artificial intelligence technologies such as blockchain and the Internet of Things (IoT).
The draft Policy proposes the establishment of a High-Performance Computing and Data Processing Centre (HPCDPC) which will have “Access to the excess capacity of publicly funded data centres owned by entities such as Sentech, Broadband Infraco, Eskom and Transnet.”
Furthermore, “data sovereignty” is proposed for certain data that is classified or identified as “critical Information Infrastructure” which can only be processed and stored within South Africa; cross-border transfers being carried out in line with POPIA, in line with the SA Constitution generally “and which have regard for international best practice – it being noted that all data generated within South Africa is the property of South Africa even if the technology company is not incorporated in South Africa.”
Over the border
Any cross-border transfers, it is proposed, must be subject to what is termed as ” localisation requirements”, copies of any data that is transferred outside of South Africa having to be stored in South Africa for law enforcement purposes, government generally “acting as a trustee in respect of all government-related data generated within South Africa”.
The proposal gazetted states that further key objectives of the National Data and Cloud Policy include, amongst other things, the need to:
- enhance investment opportunities;
- drive inclusive economic growth;
- create jobs and enhance skills development;
- enhance universal access to broadband connectivity, data and cloud services.
Legislation likely to be affected in the drive to establish a policy as indicated by DCDT and which are stated as not adequately addressing a data policy for the Fourth Industrial Revolution are:
- The Communications and Transaction Act No. 25 of 2002 which provides for the identification, protection and management of critical data and critical d and which should be declared by the Minister as being for the protection of national security or economic and social wellbeing of the country.
- The Protection of Personal of Information Act No. 2013 (POPIA) which provides standards for the minimum information security measures that any institution must put in place for sensitive or classified information to protect
- The Protection of Information Act No. 84 of 1982 which provides for the protection from disclosure of certain state information.
- The Public Administration Management Act No. 11 of 2014 which provides norms and standards to ensure the inter-operability of its information systems for public administration and eliminates unnecessary duplication of information and communication.
- The National Archives of South Africa Act, No. 43 of 1996 which provides for the management of the electronic records system of government and further provides for access to public records after the lapse of a 20-year period.
- The Spatial Data Infrastructure Act, No. 54 of 2003 which provides for the establishment of South African Spatial Data Infrastructure as the national technical, institutional and policy framework to facilitate the capture, management, maintenance, integration, distribution and use of spatial information.
- The Promotion of Access to Information Act No. 2 of 2000 (PAIA) which provides for access to any information including records held by public and private bodies