https://www.polity.org.za
Deepening Democracy through Access to Information
Home / Legal Briefs / All Legal Briefs RSS ← Back
Africa|SECURITY|Systems
Africa|SECURITY|Systems
africa|security|systems
Close

Email this article

separate emails by commas, maximum limit of 4 addresses

Sponsored by

Close

Article Enquiry

Information regulator takes action against department of justice and constitutional development


Close

Embed Video

Information regulator takes action against department of justice and constitutional development

Webber Wentzel

7th July 2023

ARTICLE ENQUIRY      SAVE THIS ARTICLE      EMAIL THIS ARTICLE

Font size: -+

The Information Regulator has levied an administrative fine of ZAR 5-million on the Department of Justice for breaching POPIA.

In September 2021, the Department of Justice and Constitutional Development (the DoJ) suffered a cyberattack that resulted in the loss of over 1 200 files, the encryption of internal documents and the compromise of personal information. Following an assessment of the DoJ's systems, the Information Regulator of South Africa (Information Regulator) concluded that the DoJ had failed to put adequate security measures in place to monitor, detect and prevent data breaches. Specifically, the DoJ had failed to renew its Security Incident and Event Monitoring (SIEM) Licence and antivirus licence since 2020. The Information Regulator issued an Enforcement Notice to the DoJ.

Advertisement

The Enforcement Notice

In terms of the Enforcement Notice, the Information Regulator ordered the DoJ to:

Advertisement

(i) renew its SIEM and antivirus licences; and

(ii) institute disciplinary proceedings against the officials who failed to renew the SIEM and antivirus licences.

The DoJ was given 31 days to implement the order of the Enforcement Notice. The 31 days expired on 9 June 2023, without the Information Regulator receiving any report on the implementation of this order.

The Infringement Notice

On 3 July 2023, for the first time since it was established, the Information Regulator issued an Infringement Notice to the DoJ, finding that it had contravened the Protection of Personal Information Act 4 of 2013 (POPIA) and ordering it to pay a fine of ZAR 5-million (the maximum fine for contravention of POPIA is ZAR 10-million).

The Information regulator has given the DoJ 30 days from 3 July 2023 to pay the administrative fine or elect to be tried in court for contravention of POPIA.

This latest development demonstrates a clear intention by the Information Regulator to enforce POPIA. We anticipate the Information Regulator will issue more fines for non-compliance in the future.

Written by Peter Grealy, Karl Blom & Wendy Tembedza, Partners at Webber Wentzel

 

EMAIL THIS ARTICLE      SAVE THIS ARTICLE ARTICLE ENQUIRY

To subscribe email subscriptions@creamermedia.co.za or click here
To advertise email advertising@creamermedia.co.za or click here

Comment Guidelines

About

Polity.org.za is a product of Creamer Media.
www.creamermedia.co.za

Other Creamer Media Products include:
Engineering News
Mining Weekly
Research Channel Africa

Read more

Subscriptions

We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.

Subscriptions are available via the Creamer Media Store.

View store

Advertise

Advertising on Polity.org.za is an effective way to build and consolidate a company's profile among clients and prospective clients. Email advertising@creamermedia.co.za

View options

Email Registration Success

Thank you, you have successfully subscribed to one or more of Creamer Media’s email newsletters. You should start receiving the email newsletters in due course.

Our email newsletters may land in your junk or spam folder. To prevent this, kindly add newsletters@creamermedia.co.za to your address book or safe sender list. If you experience any issues with the receipt of our email newsletters, please email subscriptions@creamermedia.co.za