subsection (4) shall be done in a manner that prevents its recon….In an
intelligible form
Security measures on integrity of personal information
20.
(1) A data controller shall secure the integrity of personal information in its
possession or under its control by taking appropriate, reasonable technical and
authorised measures to prevent (a) loss of, damage to or unauthorised destruction of personal
information; and
(b) unlawful access to or processing of personal information.
(2) In order to give effect to subsection (1), the data controller shall take
reasonable measures to –
(a) identify all reasonably foreseeable internal and external risks to
personal information in its possition or under its control;
(b) establish and maintain appropriate safeguards against the risks
identified;
(c) regularly verify that the safeguards are effectively implemented; and
(d) ensure that the dafeguards are continually updated in response to
new risks or dificiencies in preiovuosly implemented safeguards.
(3) The data controller shall have due reguard to generally accepted information
security practices and procedures or professional rules and regulations which
may apply generally or be required in the speciic industry.
Information processed by a data processor of the data controller