Lesson 1, Topic 1
In Progress

2.12. Identify gaps in the classification system in order to maintain the classification system which reflects the organisational functions and structure

ryanrori February 2, 2021

[responsivevoice_button rate=”0.9″ voice=”UK English Female” buttontext=”Listen to Post”]

Organisations create records in order to document the actions, transactions, and decisions that were made in the course of delivering products and services to clients, to the public, and to government departments and agencies.  They are an organisational asset, and should be managed as such.

To help identify any possible gaps in the classification system, stakeholder’s analysis must be. Through interviews, meetings, policy and document reviews, and surveys, ‘pain points’ and gaps will be identified.  Resolving gaps must represent become a priority to ensure that the classification system reflect the organisational functions and structures

The findings and recommendations from a gap analysis are intended to help drive the approach in terms of initiatives, program direction, investments, and priorities related to the records management. Subsequent segment architecture development activities will further assist to address gaps and opportunities identified.

In the management literature, gap analysis is the comparison of actual performance with potential performance. If a company or organisation does not make the best use of current resources it may produce or perform below its potential.  

Gap analysis identifies gaps between the optimised allocation and integration of the inputs (resources), and the current allocation level. This reveals areas that can be improved. Gap analysis involves determining, documenting, and approving the variance between business requirements and current capabilities. Gap analysis naturally flows from benchmarking and other assessments. Once the general expectation of performance in the industry is understood, it is possible to compare that expectation with the company’s current level of performance. This comparison becomes the gap analysis. Such analysis can be performed at the strategic or operational level of an organisation.

Gap analysis is a formal study of what a business is doing currently and where it wants to go in the future. It can be conducted, in different perspectives, as follows:

  1. Organisation (e.g., Human Resources)
  2. Business direction
  3. Business processes
  4. Information technology

Gap analysis provides a foundation for measuring investment of time, money and human resources required to achieve a particular outcome (e.g. to turn the salary payment process from paper-based to paperless with the use of a system). 

Note that ‘GAP analysis’ has also been used as a means of classifying how well a product or solution meets a targeted need or set of requirements. In this case, ‘GAP’ can be used as a ranking of ‘Good’, ‘Average’ or ‘Poor’. 

Statutory requirements for interpreting and maintaining classification systems

Companies must ensure that they comply with the legal retention periods as prescribed by referring to South African legislation and with the operational retention periods as prescribed by the operational requirements;  

Important business records should be easily located and readily accessible to the business and promote constitutional values such as efficiency, transparency and accountability.

Applicable legislation and standards that applies to Record keeping in South Africa

1. Promotion of Access to Information Act, Act 2 of 2000  

2. Electronic Communications and Transactions Act, Act 25 of 2002

South Africa is in the process of developing new legislation on data protection. In early 2002, the South African Law Reform Commission gave notification of a project to begin drafting a comprehensive national Data Privacy Act. The Commission released an Issue Paper and called for comments on the following issues:

  • whether privacy and data protection should be regulated by legislation;
  • how general principles of data protection could be developed and incorporated in the legislation;
  • whether the statutory regulatory agency should be established;
  • whether a flexible approach in terms of which industries will develop their own codes of practices, which could be overseen by the regulatory agency, is viable 

It is envisaged that the promulgation of data protection legislation in South Africa may result in amendments to other South African legislation such as the Electronic Communications and Transactions Act No. 25 of 2002 (ECT) and The Promotion of Access to Information Act No. 2 of 2000.

After the proposed Data Privacy Act is in place, it is expected that South Africa will also apply to the European Commission to declare our data protection laws adequate.

At present, Chapter 8 of the ECT Act sets out the universally accepted data protection principles describing how personal data, as defined in the ECT Act, may be collected and used. This Chapter of the ECT Act only applies to information that has been obtained through electronic transactions.

The ECT Act definition for personal information includes information relating to race, gender, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth. Section 51 furthermore inter alia determines that a data controller must have written permission of the data subject for the collection, processing or disclosure of any personal information on that data; a data controller may not electronically request, collect, collate, process or store personal information on which is not necessary for the lawful purpose for which the personal information is required; a data controller may not disclose any of the personal information to a third party unless required or permitted by law or specifically authorised by the data subject.

It is hoped that consumers will become increasingly aware of their data privacy rights and support businesses and data collectors which subscribe to these principles. While these principles are voluntary and not compulsory to comply with at present, it is hoped that data collectors will implement these principles pending the enactment of the new data protection legislation.

 South Africa is in the process of developing data protection laws. This is necessary to keep pace with technological and e-commerce developments. The European Union Directive came into force in 1998 and set the trend for data protection laws in and outside of Europe. While the South African ECT Act contains the basic universal accepted principles for dealing with personal data collected in electronic transactions, there is a need for separate and more adequate legislation on data protection. The South African Law Reform Commission is working on new legislation which could lead to amendments of the ECT Act and The Promotion of Access to Information Act.