1. Data Collection
FlowTracker uMhlathuze does not collect data from the end user.
2. Data Use
FlowTracker uMhlathuze does not use any data from the end user.
3. Data Sharing
FlowTracker uMhlathuze does not share any user data.
4. Securing Data Delivery to FlowTracker uMhlathuze
Ensuring that the correct data is delivered to the FlowTracker uMhlathuze is vital, thus the following considerations are of key relevance to this application when taking into consideration data security, privacy and protection:
Server Security
Since the server hosts data and information required by FlowTracker uMhlathuze it is imperative that security issues are taken into consideration. Sections 19 – 22 of the POPIA are especially relevant and the following access control measures have been deployed:
̶ 4096-bit RSA key-pair are required when accessing the server;
̶ Root logins are disallowed over SSH. All SSH connections will be as a non-root user with varying administrative privileges.
̶ Listen on only one internet protocol (e.g. IPv4 or IPv6 ).
̶ IP address banning with too many failed login attempts.
̶ Firewall for managing all firewall rules (e.g. port access)
Domain security
To protect security breaches, a SSL (Secure Socket Layer) certificate has been created which creates a secure confirmed connection between the domain name and the intended IP destination. This is an important measure to avoid any reroute attacks in the attempt to share incorrect information and/or material. This is an accepted standard and in an attempt to comply with the South African Protection of Personal Information Act (POPIA).
Database Security
Data can be encrypted in the storage process and decrypted in translation for populating the interface. This means that if data is stolen during a breach, the data is not readable without the correct decryption process. The following data encryption methods are used when accessing and processing data:
̶ Data that requires one-way data verification are MD5 (message-digest algorithm) hash-based encrypted.
̶ AES (Advanced Encryption Standard) for two-way