Bridging the personal information governance gap : a case study of a South African University

Toi, Jerall (2019-04)

Thesis (MA)--Stellenbosch University, 2019.

Thesis

ENGLISH SUMMARY : Information is arguably the most valuable asset for a university. Yet, historically, South African higher education institutions did not have to formally and explicitly consider and report upon their Information Governance requirements. The relatively recent—for a university, at least—promulgation of the Protection of Personal Information Act (4 of 2013) and the 2014 Regulations for Reporting by Public Higher Education Institutions now forces these institutions to relook at their Information Governance and Management policies and practices. However, these pieces of legislation, and their international counterparts, do not delve into the how of compliance, leaving institutions facing a gap between their current positions and their desired, legislatively compliant positions. To address this gap, in this study, I discuss the international and local history of and unpack the more recent legislative requirements for Information Governance and privacy to establish the framework for further analysis. The discussion is furthered with a report on a case study investigation into the Information Governance-related initiatives at one South African public higher education institution. With the case study serving as foundation, I conclude by positioning a principles-based approach to privacy. These principles may enable an institution’s governing structures to better provide the direction necessary to not only address Information Governance and privacy-related compliance requirements, but also provide scope to consider the risks and opportunities involved and, ultimately, derive value from their Information.

AFRIKAANSE OPSOMMING : Inligting is waarskynlik die waardevolste bate vir 'n universiteit. Dit was egter nooit histories ʼn vereiste vir Suid-Afrikaanse hoëronderwysinstellings om formeel en presies oor Inligtingsoorsigbestuursvereistes te rapporteer nie. Die relatief onlangse promulgasie van die Wet op die Beskerming van Persoonlike Inligting (4 van 2013) en die Regulasies vir Verslagdoening deur Openbare Hoëronderwysinstellings wat in 2014 bekend gemaak is, maak dit vir hoëronderwysinstellings verpligtend om hul Inligtingsoorsigbestuursbeleide en –praktyke te hersien. Hierdie wette, asook hul internasionale ekwivalente, verduidelik egter nie hoe om aan die vereistes te voldoen nie. Dit laat instellings dus met ʼn gaping tussen hul huidige posisies en die wetlike voldoening waarna hulle strewe. Om hierdie gaping aan te spreek, bespreek ek in hierdie studie die internasionale en plaaslike geskiedenis van die onlangse wetgewende vereistes vir Inligtingsoorsigbestuur en privaatheid om sodoende die raamwerk vir ʼn verdere analise te vestig. Die bespreking word verder gevoer deur die voorlegging van 'n verslag rakende 'n gevallestudie-ondersoek na verwante Inligtingsoorsigbestuur-inisiatiewe by een van die openbare hoëronderwysinstellings in Suid-Afrika. Met die gevallestudie-ondersoek as basis, sluit ek af deur die posisionering van ʼn beginselbenadering tot privaatheid. Hierdie beginsels kan die oorsigstrukture van die instellings in staat stel om die nodige rigting te verskaf om, nie net Inligtingsoorsigbestuur- en privaatheidverwante nakomingsvereistes aan te spreek nie, maar ook om die risiko's en geleenthede wat daarmee gepaard gaan te oorweeg en uiteindelik waarde uit hul Inligting te verkry.

Please refer to this item in SUNScholar by using the following persistent URL: http://hdl.handle.net/10019.1/106246
This item appears in the following collections: