Information Regulator: Online platform for Reporting Security breaches


Summary:

The South African Information Regulator has launched an online reporting platform, the eServices portal, for reporting security breaches, also known as security compromises, according to the Protection of Personal Information Act (POPIA).

Article:

The new system aims to streamline the reporting process and improve oversight of security incidents that expose personal information.

This platform is mandatory for all public and private organizations to use when reporting data breaches, with effect from 1 April 2025. The regulator will no longer accept submission of reports via email.

Security compromise reports must be made in terms of section 22(1) of the Protection of Personal Information Act (POPIA) when there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person.

The responsible party must notify the Regulator and, subject to subsection (3), the data subject (the individual to whom the personal information relates or who is identified by it), unless the identity of such data subject cannot be established.

The Security Compromises Reporting functionality is accessible through the eServices portal, which can be found on the Regulator's website at https://inforegulator.org.za or directly at https://eservices.inforegulator.org.za/compromises/default.aspx

The Information Regulator has already provided step-by-step guides and support for registering Information Officers and submitting reports.

The media statement can be downloaded here:

https://inforegulator.org.za/wp-content/uploads/2025/04/MEDIA-STATEMENT-INVITATION-TO-REPORT-SECURITY-COMPROMISES-THROUGH-THE-eSERVICES-PORTAL-.pdf

Relevance to Auditors, Independent Reviewers & Accountants:

  • POPIA is an important piece of legislation that your clients must comply with, and with which you must assess their compliance. If they don’t comply with the relevant laws and regulations, you have certain reporting obligations in terms of NOCLAR (NOn-Compliance with Laws And Regulations) – this could include reporting to management, qualifying your audit opinion, reporting a Reportable Irregularity, etc.
  • As an auditor, independent reviewer and accountant, you also need to be aware of media statements, enforcement notices, etc. that have been issued by/about the Information Regulator and its Enforcement Committee – especially regarding security and data breaches.

Relevance to Your Clients:

  • An entity (company or close corporation) should be aware of media statements, enforcement notices, etc. that have been issued by/about the Information Regulator and its Enforcement Committee – especially regarding security and data breaches.
