Guidelines for Data Privacy Compliance: A Focus on Cyber-physical Systems and Internet of Things

Privacy as a human right has been in existence for decades, but its effects are accentuated in the information age. Data privacy compliance in modern information technology applications is important, unavoidable, but complex, even more so for technologies (such as cyber-physical systems (CPSs) and Internet of Things (IoT)) that are enablers of the fourth industrial revolution, because of the covert nature of data collection involved. Organisations are not always equipped to comply with privacy requirements in such environments. This paper proposes a list of privacy compliance guidelines aimed at making it practical for organisations to comply with privacy legislation in these domains. The proposed guidelines can provide direction to organisations when carrying out a data privacy compliance exercise for CPSs and IoT. The guidelines take into account technical, organisational and legal aspects of data privacy compliance. Legal aspects are primarily based on the South African Protection of Personal Information Act 4 of 2013. Design science research, using literature analysis and expert opinion as data collection methods, was used as research approach.