POPIA Security compromise notification

12 October 2021
South African Accounting Academy

In terms of section 22 of the Protection of Personal Information Act No. 4 of 2013 (POPIA), where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person, the responsible party must notify the Information Regulator (Regulator) and the data subject, unless the identity of such data subject cannot be established.

On or about 9th September 2021 and through the media statement from the DoJ&CD, the Regulator became aware of the security compromise on the IT Systems of the DoJ&CD, in terms of which the DoJ&CD advised that the aforesaid security compromise was effected through ransomware on the evening of 6 September 2021. The DoJ&CD advised that ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading which occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user's knowledge.

The Regulator is currently not aware of the identity of the unauthorised person who may have accessed or acquired the personal information and investigation is currently underway.

Click here to download the Notification:

https://www.justice.gov.za/inforeg/docs/InfoRegSA-Notification-Security-Compromise-S22-POPIA-20210922.pdf

Get all your CPD online. SA Accounting Academy (SAAA) offers Subscription Plans, Live Webinars, Webinars On-Demand, Access to Experts, Courses, Articles and more: https://cpd.accountingacademy.co.za.