South Africa’s Information Regulator is taking a hard stance on companies that fail to protect their data and the personal information of their customers. Throughout 2023, over 110 cyber security incidents have been reported to the Information Regulator every month, forcing this independent body to place hefty fines on companies that fail to comply with the Protection of Personal Information Act (POPIA).
The Information Regulator is empowered to monitor and enforce both public and private organisations to adhere to the POPIA and other data regulations in South Africa. The team is headed up by Advocate Pansy Tlakula and has recently handed down several fines to government departments and private companies for lack of cyber security protocols.
According to the POPIA, fines can be issued up to the value of R10 million, depending on the severity of the data breach and the suspected organisation’s lack of due care towards protecting data and personal information. The Information Regulator is currently investigating numerous cases of cyber security breaches and the exposure of the personal details of citizens.
Recent fines issued by the Information Regulator
The Department of Justice (DoJ) and a major pharmacy franchise in South Africa have both been victims of cyber attacks recently. The DoJ failed to abide by an enforcement notice issued by the Information Regulator and has been slapped with a hefty fine. The pharmacy chain has been instructed to fix its IT security issues or face a R10 million fine.
Both of these incidents highlight the strong stance taken by the Information Regulator in cracking down on security incidents. Companies can no longer remain complacent. The onus is on enterprises to secure their valuable data and the information of their customers and suppliers.
If any business is found to be negligent or to have inadequate cyber security measures in place after suffering an attack, it faces severe financial penalties on top of the reputational damage and potential loss of customers. Cyber security needs to be taken seriously by all companies, with experts stating that it is no longer a case of if you get attacked but when.
In the case of the pharmacy attack, 3.6 million customer records were compromised, including full names, email addresses and cellphone numbers. Similarly, the DoJ attack resulted in 1204 stolen files, which potentially exposed ID numbers, addresses, names and bank details of employees and service providers.
“This occurred as a result of the DoJ & CD’s failure to renew the Security Incident and Event Monitoring (SIEM) licence, which would have enabled it to monitor unusual activity on their network and keep a backup of the log files,” said the Information Regulator in a statement. According to the body, had the DoJ renewed its SIEM licence, it would have been alerted to the malicious activity.
The Information Regulator found the DoJ to have been negligent and guilty of contravening the POPIA. In addition to disciplinary action against the officials in charge of IT and software, the regulator has issued a R5 million fine to the DoJ after the department failed to submit proof that the SIEM licence has since been renewed.
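The regulator's finding above comes down to a monitoring gap: once the SIEM licence lapsed, nothing was watching the logs, and nothing raised an alarm about the fact that nothing was watching. The script below is an added example, not code from the regulator, the DoJ or SEACOM, that shows the kind of health check a defender runs beside a SIEM to catch exactly that condition. It assumes a list of (source, timestamp) records for the most recent events received from each log source; the source names, timestamps and expected-source list are constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample: the most recent events received from a few log sources.
# Each entry is (source name, ISO-8601 timestamp of the event).
SAMPLE_EVENTS = [
    ("dc01-security", "2023-09-01T08:00:00"),
    ("dc01-security", "2023-09-01T09:55:00"),
    ("web-proxy", "2023-09-01T09:58:00"),
    ("file-server", "2023-08-29T17:00:00"),   # constructed: this host went quiet days ago
    ("vpn-gateway", "2023-09-01T09:59:30"),
]

# Constructed inventory of sources that are supposed to be shipping logs.
# "hr-database" appears here but never in SAMPLE_EVENTS, so it must be flagged.
EXPECTED_SOURCES = {"dc01-security", "web-proxy", "file-server", "vpn-gateway", "hr-database"}


def last_seen(events):
    """Map each source to the timestamp of its most recent event."""
    seen = {}
    for source, ts in events:
        t = datetime.fromisoformat(ts)
        if source not in seen or t > seen[source]:
            seen[source] = t
    return seen


def find_monitoring_gaps(events, expected_sources, now, max_gap):
    """Return {source: reason} for every expected source that has been silent
    longer than max_gap, or that has never reported at all."""
    seen = last_seen(events)
    gaps = {}
    for source in sorted(expected_sources):
        if source not in seen:
            gaps[source] = "never reported"
        elif now - seen[source] > max_gap:
            gaps[source] = f"silent for {now - seen[source]}"
    return gaps


def collector_silent(events, now, max_gap):
    """True when no source at all has reported within max_gap. Every source going
    quiet at once points at the collector itself (an expired licence, a stopped
    service, a broken forwarder) rather than at the individual hosts."""
    seen = last_seen(events)
    return not seen or all(now - t > max_gap for t in seen.values())


if __name__ == "__main__":
    now = datetime.fromisoformat("2023-09-01T10:00:00")
    window = timedelta(hours=1)
    if collector_silent(SAMPLE_EVENTS, now, window):
        print("ALERT: no log source has reported in the last hour; check the collector")
    for source, reason in find_monitoring_gaps(SAMPLE_EVENTS, EXPECTED_SOURCES, now, window).items():
        print(f"ALERT {source}: {reason}")
```

Run on its own the script reports the quiet file server and the database that never shipped a log. The two checks answer different questions: find_monitoring_gaps catches one host that has dropped off, while collector_silent catches the whole pipeline going dark, which is the DoJ scenario. Both should feed an alerting channel that does not itself depend on the SIEM being up.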
Is your company secured?
Modern enterprises store vast quantities of data and personally identifiable information, making them a hot target for hackers and cybercriminals. Every business that stores such data needs to have several security measures in place to protect it against various threats.
This often means hiring a third-party vendor or cyber security services provider to ensure that the business is properly secured and compliant with several regulations, including POPIA. Information officers (IOs), chief information security officers (CISOs) and IT managers are urged to comply with the provisions of the POPIA, which was signed into law in 2013.
Cyber security requires constant monitoring, verification and updating of software and security measures. It is a rapidly evolving landscape, and new technologies are needed to combat the ever-changing nature of cyber attacks. Compliance is also not a tick-box exercise; it needs to be an ongoing process of development and improvement.
Any business that is concerned about its POPIA compliance should contact a leading cyber security provider, like SEACOM, which offers numerous cyber security services to enterprises in South Africa. A professional partner can help you implement a secure business network and digital ecosystem, along with robust backup and recovery solutions.