Johannesburg - Businesses in South Africa won't take a new local data privacy law seriously until there’s a high-profile hacking breach in the country.
This is according to Nader Henein, who is the Regional Director for Product Security at BlackBerry in the Middle East and Africa.
South Africa is implementing its Protection of Personal Information (Popi) Act, which restricts how companies handle personal data to safeguard individuals from security breaches.
The Act is intended to close the gap between South Africa and the likes of Europe with regard to data privacy laws.
However, Fin24 has previously reported on how adoption of Popi is sluggish among local companies.
According to research from Trustwave, 51% of South African companies have not made a significant effort to comply with the legislation.
And BlackBerry’s Henein, who is in Johannesburg for this week’s IDC CIO Summit, told Fin24 that full adoption of Popi could only be spurred on by public hack attacks.
He said that the likes of big banks in the country are currently adopting Popi but other businesses still have a way to go.
"Breaches are not yet very public," Henein told Fin24.
“It's not going to really grab hold with a lot of companies until you start seeing companies getting fined.
"And then it starts ringing true with members of the board and the C-level," he said.
South Africa is still in the process of appointing a regulator to look over the implementation of Popi.
But once a regulator is established, companies that experience cyber breaches could face heavy fines.
Custodians of breached data could face a R10m fine or a 10 year jail term.
Public breaches in the US
Henein told Fin24 that high-profile hacking incidents, such as those that hit US retailer Target last year, have shifted the thinking on data security among developed nations in the Northern Hemisphere.
"Target was a seminal moment in the US because the CEO of 35 years, who's been through everything, from having his supermarket taken over by armed gunmen to product recalls for poison baby food, had to resign over that. Over the breach,”
"In 19 days, they lost 70 million customer records, out of which 40 million were credit card and debit card records.
"And in 19 days he went from fairly solid job security, having served the company for 35 years, to having to retire," Henein told Fin24.
Local threats
Henein told Fin24 that in South Africa, security concerns are unique among corporates.
"In South Africa you see concerns around...not the malware side or attack side,” he said.
"The biggest concern is coming from consumer based applications in an enterprise context,” said Henein.
Henein explained that WhatsApp, for example, saves all users’ contacts information in their data centres. This means that users’ corporate contact data could also be uploaded to these data centres, placing this information at risk of possibly being hacked or sold on to other parties.
And despite BlackBerry having lost ground in the global smartphone market, the company is still a big player in the mobile security space.
Henein told Fin24 that BlackBerry has developed solutions that control, for example, whether corporate contact data can be accessed by apps such as WhatsApp on any device - whether it be Android or Apple iOS.
Henein also said that South African government officials are using BlackBerry’s mobile security offerings. However, he did not disclose the extent of this usage.
"We work very closely with government; we work very closely with policing, we work very closely with organisations that care about their security,” Heinen said.
"Yes. There are a substantial number (of SA government officials using BlackBerry mobile security solutions)," Heinen told Fin24.
Listen to Fin24's technology editor Gareth van Zyl interviewing Nader Heneinon on data security in South Africa: