Data breaches and security compromises - be prepared

Apr 23, 2021


Although data breaches are nothing new, this topic has received more focus recently with stricter data protection laws and regulations. It is more important than ever that organisations prepare for such an occurrence and have formal procedures and protocols in place to deal with the fallout. Here are some pointers and reminders of aspects to think about.


What is a data breach or security compromise?

In terms of the Protection of Personal Information Act (POPIA), this is not defined. Under the new Cyber Crimes Bill, there are descriptions of types of actions that would constitute criminal offences. However, for the purposes of being prepared, this could entail any type of data breach or security compromise (digital or physical) that would expose the organisation to potential risk.

Apart from the obvious things around cyber security such as hacking, malware, ransomware attacks, etc. we also need to consider other vulnerabilities in the protection of the (personal)...

Continue Reading...

POPIA - The Responsible Party and the Operator

Oct 14, 2020


Many organisations use agencies / consultants / service providers for a range of activities – which in all likelihood include the processing of personal information and/or special personal information. Think about recruitment agencies, IT service providers, security providers, payroll management, marketing agencies, external auditors – to name just a few. These would, for the purposes of POPIA, be regarded as third-party operators and YOU have to ensure that they comply with the Act when they process personal information on your behalf.

The Responsible Party under POPIA is a public or private body or any other person who, alone or in conjunction with others, determines the purpose of and means for the processing of personal information in their possession.

An Operator is the person (or entity) doing the actual processing.

The responsibilities, rights and obligations of operators are not the same as those of responsible parties. However, the distinction...

Continue Reading...

POPIA - Understanding the process

Jul 02, 2020


Most of the remaining provisions of the Protection of Personal Information Act have come into operation on 1 July 2020.

That means that the start of the anticipated 12 month transition period is 1 July 2020 and that the effective date for enforcement (the date by which organisations must be compliant) will be 30 June 2021. Although there will be no sanctions for non-compliance until that time, organisations must work towards compliance as soon as possible - and there is a lot to do.

It is expected that there will be further communications covering practical implications such as the registering of Information Officers. 

POPIA applies to all local and foreign organisations processing personal information in South Africa. The Act will impact on technology, policies, procedures and compliance frameworks across the business - including in ICT, HR and marketing.

What is POPIA?

POPIA is the South African version of the European...

Continue Reading...

50% Complete

Sign up for our mailing list

Be the first to know about new developments, training, news and special offers