Share

Legal expert looks at business data breaches

Cape Town - Following the largest data breach of private citizens in South Africa’s history, which saw the personal data of over 30 million people leaked online, South Africans are increasingly at risk of falling victim to identity theft, fraud, and other forms of cybercrime.

One of the major challenges from a legal standpoint at present, according to Fatima Ameer-Mia, senior associate within the technology and sourcing practice at Cliffe Dekker Hofmeyr, is that there is currently no legislation in force which compels a business to disclose such data breaches to its information security.

“Across the world, data is a very valuable resource and the commercialisation and monetisation of data is therefore big business. Businesses in South Africa, however, tend to have particularly poor information security practices in place, which puts them at greater risk to opportunistic cyber criminals," says Ameer-Mia.

"Until a regulatory framework is established which criminalises cybercrimes, providing the impetus for businesses to implement more robust information security measures and disclose any data breaches experienced, SA will continue to be a high risk country with regards to cyber and information security threats.”

Under the current SA law, Ameer-Mia says legal recourse against cybercrime is fairly limited.

“The only circumstances under which compensation may be payable is if an individual is able to prove monetary loss and causality and succeeds with a delictual claim, whereby they claim for damages from the individual or organisation who caused the data breach. In this case, however, the claimant will have to go to court, which is usually a complicated and costly exercise.”

She says this is expected to change when the Protection of Personal Information Act (POPI) comes into force.

“The notification of data breaches in South Africa is governed by POPI, and while POPI has been promulgated, its substantive sections are not yet in effect."

“Only once these substantive sections become legally binding, do we expect to see businesses change their approach to the protection of customer and employee data, as this will mean that an organisation which is involved in a data breach situation may be subject to an administrative fine, penalty or sanction,” explains Ameer-Mia.

Furthermore, POPI will provide remedies and a complaint channel for those compromised by the unlawful processing of personal information.

Starting point

Ameer-Mia says, as a starting point, to protect both themselves and their customers, companies need to safeguard the data collected and held by them, and be more transparent about instances where this data may be breached.

“This starts with a risk assessment in terms of critically evaluating what data they hold, where they get it from, why they hold it, how they use it and who has access to such data," she says.

“Once this understanding has been established, businesses can then turn to the technical and organisational measures they currently have in place (or have to put in place) to safeguard such data against unlawful access.”

She concludes that hopefully, the recent data breach will provide the impetus for government to take positive action with regards to implementing the legislative and regulatory framework around data protection and cybersecurity.

“In the long run, implementing a regulatory framework which protects citizens and allows for healthy economic development will benefit all parties – consumers, businesses and the government alike.”

SUBSCRIBE FOR FREE UPDATE: Get Fin24's top morning business news and opinions in your inbox.

Read Fin24's top stories trending on Twitter:

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
18.94
-0.0%
Rand - Pound
23.91
-0.0%
Rand - Euro
20.41
+0.1%
Rand - Aus dollar
12.33
+0.1%
Rand - Yen
0.13
-0.0%
Platinum
908.05
+1.2%
Palladium
1,014.94
+1.3%
Gold
2,232.75
-0.0%
Silver
24.95
-0.1%
Brent-ruolie
87.00
+1.8%
Top 40
68,346
0.0%
All Share
74,536
0.0%
Resource 10
57,251
0.0%
Industrial 25
103,936
0.0%
Financial 15
16,502
0.0%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders