With privacy law developing, security concerns take precedence at FIFA World Cup

Long before the 2010 FIFA World Cup had all eyes focused on South Africa to see which team would win the coveted top honor, an immense amount of work went on behind the scenes to address the public safety issues that come with any gathering of this size and scope. According to the World Cup 2010 South Africa

, for example, various plans were put in place in advance of the event for security purposes, including using satellite monitoring. Such security measures also come with privacy concerns--at a time when South Africa is in the process of reviewing proposed data protection legislation and when its impacts on organizations are not yet known. With the nation’s privacy law still in development, the type of provisions that were seen at the recent Vancouver Olympics in Canada, where privacy protection plans were enacted alongside security provisions, are not yet in place. “I would say that due to the nature of dealing with crime in our country and our maturity with regard to privacy that our main focus would be on security,” said Craig Rosewarne, head of the Deloitte School of Risk Management and founder and chairman of the nonprofit Information Security Group of Africa (ISGAfrica). “We, however, have a very mature and well-balanced constitution that talks very heavily on the rights to privacy of each citizen of SA.” With such security measures as the motion control system put into place at OR Tambo International Airport prior to the games, reported by

, Rosewarne said that although some safety precautions compromise privacy to a degree, they are tolerated because of the need to protect the public. “Another project currently underway, after our government recently spent billions upgrading our road infrastructure, is to implement a license plate identification system to automatically charge toll fees for using the newly improved highways,” Rosewarne said, adding that essentially, “you will be tracked, in essence, wherever you go.” Already, he said, many SA vehicles are equipped with satellite systems run by private security companies that allow them to be tracked if they are hijacked by criminals. As Information Security and Risk Management Consultant Adele da Veiga of ISGAfrica explained, “should SA organizations process personal info of tourists they must do it in accordance with the requirements of the constitution and international regulation; e.g., they cannot send marketing material via e-mail to U.S. citizens…without following the exact requirements on the U.S. privacy laws.” Similarly, she said, travel agents are prohibited from transferring personal information on tourists from the EU to South Africa “without having contracts in place or binding corporate rules regulating the processing of personal information and the security controls that must be in place.” The airport motion control system, for example, uses real-time integrated functionality to update travelers' information upon entry into the country and communicate it to all other points of entry, according to the ITWeb report, and is aimed at preventing illegal activities by integrating with national and international law enforcement databases. The  same provisions prohibiting travel agents from randomly sharing information hold true for the nation’s airports, da Veiga noted. Legal factors also come into play when conferring with foreign intelligence agencies to address security concerns. South African intelligence agencies have strong relationships in place with such foreign organizations as Interpol and the FBI, Rosewarne explained, adding, “Red tape, however, results in often serious delays in obtaining relevant permissions to investigate and collaborate on incidents.” Rosewarne specifically cited Internet crime as a key data protection issue, stating, “Cyber criminals are aware of these delays and compromise the system--for example, credit card details stolen from SA are not used for purchases within the country but outside our borders.” When asked about the public’s mood on data privacy in general in South Africa at this time, Rosewarne said the focus is largely on corporate responsibility in terms of the handling of personal information. This is especially the case, he said, with the upcoming Protection of Personal Information Act, which is expected to be enacted later this year or early in 2011. As Rosewarne and others point out, privacy is a constitutional right in South Africa and, as cited in a report featured in 

, “The intention behind the bill is to provide the necessary legislative framework and detail for the proper and effective enforcement and protection of the underlying constitutional right.”

The Privacy Advisor.