In terms of section 22 of the Protection of Personal Information Act No. 4 of 2013 (POPIA), where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person, the responsible party must notify the Information Regulator (Regulator) and the data subject, unless the identity of such data subject cannot be established.
On or about 9th September 2021 and through the media statement from the DoJ&CD, the Regulator became aware of the security compromise on the IT Systems of the DoJ&CD, in terms of which the DoJ&CD advised that the aforesaid security compromise was effected through ransomware on the evening of 6 September 2021. The DoJ&CD advised that ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading which occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user's knowledge.
The Regulator is currently not aware of the identity of the unauthorised person who may have accessed or acquired the personal information and investigation is currently underway.
Click here to download the Notification:
Get all your CPD online. SA Accounting Academy (SAAA) offers Subscription Plans, Live Webinars, Webinars On-Demand, Access to Experts, Courses, Articles and more: https://cpd.accountingacademy.co.za.
View upcoming live accounting and practice management webinars.
Learn MoreBrowse our extensive range of relevant accounting and practice management webinars.
Learn MoreBrowse our relevant and practical online courses.
Learn MoreAccess to professional and technical content that ensures both your knowledge and skills are maintained.
Learn MoreAccess updated legislation including amendments.
Learn MoreA source of commonly asked technical accounting questions.
Learn More