https://www.polity.org.za
Deepening Democracy through Access to Information
Home / Legal Briefs / Werksmans RSS ← Back
Africa|SECURITY|Service|System|Systems
Africa|SECURITY|Service|System|Systems
africa|security|service|system|systems
Close

Email this article

separate emails by commas, maximum limit of 4 addresses

Sponsored by

Close

Article Enquiry

The sword finally falls, ironically on justice itself | DoJ fine by Information Regulator


Close

Embed Video

The sword finally falls, ironically on justice itself | DoJ fine by Information Regulator

Werksmans

5th July 2023

ARTICLE ENQUIRY      SAVE THIS ARTICLE      EMAIL THIS ARTICLE

Font size: -+

What is the price that one pays for not having antivirus software? R5 million according to the Information Regulator of South Africa (Regulator). That is the fine that has been levied against the Department of Justice and Constitutional Development (DoJ) for not having appropriate security measures to protect the personal information it holds. It is also the first fine issued by the Regulator against an organisation for failure to comply with the Protection of Personal Information Act 4 of 2013 (POPIA).

In a previous article we talked about how the DoJ had suffered a data breach wherein its systems were encrypted by cyberhackers, preventing employees of the DoJ from accessing over 1,204 files necessary for service delivery.

Advertisement

In light of risks to personal information, including the risk of a data breach, POPIA requires organisations (public and private) to secure the integrity and confidentiality of personal information in their possession or under their control. In other words, reasonable measures must be implemented both on an organisational (people) and technical (systems and processes) level to protect personal information. This was not the case when the Regulator investigated the DoJ following the data breach it suffered. Amongst others, it was found that the DoJ had failed to renew the licenses to its security incident and event monitoring system, intrusion detection system, and antivirus software in 2020 (a year prior to the data breach). Had those licenses been renewed then the breach may have been prevented.

Following its investigation the Regulator issued an enforcement notice in May 2023 requiring the DoJ to show proof within 31 days that it had renewed its security software licenses. This was an opportunity for the DoJ to remedy its lack of appropriate security measures and perhaps avoid a fine. However, it failed to abide by the enforcement notice which constitutes an offence under POPIA, hence the R5 million fine.

Advertisement

Consequently, it is important for organisations to note that suffering a data breach is not in and of itself an offence in terms of POPIA. Rather, it is the failure to have appropriate security measures in place to protect personal information that will be cause for concern. Worse yet, where the Regulator points out to an organisation that it has fallen short from a data protection perspective and indicates where remedial action should be taken, and such remedial action is not taken by the organisation, a fine will most likely follow. Accordingly, this should serve as a sounding warning to all organisations to get their proverbial data protection house in order and, if so required, abide by enforcement notices from the Regulator!

Written by Ahmore Burger-Smidt, Head of Regulatory and Nyiko Mathebula, Associate; Werksmans

EMAIL THIS ARTICLE      SAVE THIS ARTICLE ARTICLE ENQUIRY

To subscribe email subscriptions@creamermedia.co.za or click here
To advertise email advertising@creamermedia.co.za or click here

Comment Guidelines

About

Polity.org.za is a product of Creamer Media.
www.creamermedia.co.za

Other Creamer Media Products include:
Engineering News
Mining Weekly
Research Channel Africa

Read more

Subscriptions

We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.

Subscriptions are available via the Creamer Media Store.

View store

Advertise

Advertising on Polity.org.za is an effective way to build and consolidate a company's profile among clients and prospective clients. Email advertising@creamermedia.co.za

View options

Email Registration Success

Thank you, you have successfully subscribed to one or more of Creamer Media’s email newsletters. You should start receiving the email newsletters in due course.

Our email newsletters may land in your junk or spam folder. To prevent this, kindly add newsletters@creamermedia.co.za to your address book or safe sender list. If you experience any issues with the receipt of our email newsletters, please email subscriptions@creamermedia.co.za