CATEGORIES
- (2)Account / Profile
- (499)Accounting
- (6)Audit
- (125)Auditing and Assurance
- (1)Business
- (3)Business Rescue
- (66)CIPC
- (6)Compliance
- (6)Ethics and Professionalism
- (35)Financial Reporting
- (3)Guides
- (1)Individuals Tax
- (2)Law
- (36)Legal and Compliance
- (2)Management
- (12)Money Laundering
- (1)Personal & Professional Development
- (1)Practice Management
- (1)Professional Ethics
- (1)Public Sector
- (82)Regulatory Compliance and Legislation
- (29)SARS Issues
- (11)Sustainability Reporting
- (21)Tax
- (1)Tax Update
- (1)Technology
- Show All
POPIA Enforcement notice issued to Dept of Justice
- 15 May 2023
- Accounting
- South African Accounting Academy
In September 2021 the DoJ&CD suffered a security compromise on its IT systems. This led to the department's systems being unavailable to its employees and subsequently affecting services to the public. The Regulator conducted an own initiative assessment after the Department suffered a security compromise (data breach).
Following the assessment, the Regulator found that the department had failed to put in place adequate technical measures to monitor and detect unauthorised exfiltration of data from their environment resulting in the loss of approximately 1204 files. This occurred as a result of the DoJ&CD’s failure to renew the Security Incident and Event Monitoring (SIEM) licence which would have enabled it to monitor unusual activity on their network and keep a backup of the log files. The failure to renew the licence resulted in the unavailability of critical information contained in the log files. The SIEM licence expired in 2020.
Should the DoJ&CD fail to abide by the Enforcement Notice within the stipulated timeframe, it will be guilty of an offence, in terms of which the Regulator may impose an administrative fine in the amount not exceeding R10 million, or liable upon conviction to a fine or to imprisonment of the responsible officials.
The actual Enforcement Notice (dated 9 May 2023) in terms of Section 95 of the Protection Of Personal Information Act 4 of 2013 can be downloaded at https://inforegulator.org.za/wp-content/uploads/2020/07/ENFORCEMENT-NOTICE-DOJCD-MATTER-090523.pdf
Click here to download the Media Statement for all the detail:
Relevance to Auditors, Independent Reviewers & Accountants:
- POPIA is an important piece of legislation that your clients must comply with, and which you must assess compliance with. If they don’t comply with the relevant laws and regulations, you have certain reporting obligations in terms of NOCLAR (NOn-Compliance with Laws And Regulations) – this could include reporting to management, qualifying your audit opinion, reporting a Reportable Irregularity, etc.
- As an auditor, independent reviewer and accountant, you also need to be aware of media statements, enforcement notices, etc. that have been issued by the Information Regulator and its Enforcement Committee.
Relevance to Your clients:
- An entity (company or close corporation) should to be aware of media statements, enforcement notices, etc. that have been issued by the Information Regulator and its Enforcement Committee.
To stay current with all the latest changes and updates subscribe to our Monthly Compliance and Legislative Update series for R 250.00 per month. This gives you access to a monthly 2-hour webinar and monthly newsletter:
https://accountingacademy.co.za/profession/monthly-legislation-update
Get all your CPD online. SA Accounting Academy (SAAA) offers Subscription Plans, Live Webinars, Webinars On-Demand, Access to Experts, Courses, Articles and more:
https://cpd.accountingacademy.co.za.