
EDITORIAL: SA laws lagging in cybercrime fight
Just over a month after the law governing the protection of personal data came into force, South Africans were rattled by one of the biggest data breaches when Experian, one of the world’s top credit bureaus, became the latest cyber attack victim.
The hack of Experian’s SA division exposed the personal information of as many as 24-million South Africans and almost 800,000 businesses, said the SA Banking Risk Centre (Sabric), a nonprofit organisation set up by lenders to combat bank-related organised crime, in a statement on Wednesday.
The breach at Experian — which generates credit scores, based on consumer borrowing and payment habits, that banks and retailers use when assessing a customer’s debt application — shines a harsh spotlight on the legal framework dealing with both cybercrime and protection of personal information.
The first line of defence is obviously the strong protective walls built into computer systems by companies that have stored vast amounts of consumer personal data on their servers. But there also needs to be a robust legislative framework to penalise those with weak defences, and investigate and prosecute criminals for breaching them.
Sadly, SA has lagged far behind other countries for a long time even though it has the third-highest number of cybercrime victims in the world, with banks being prime targets, according to consultancy house Accenture. The World Economic Forum estimated that SA businesses lost R5.8bn in 2015 due to cybercrime.
Just this week Momentum Metropolitan, one of SA’s biggest insurers, said it had also suffered a data breach in which administrative and financial information was accessed. Other companies that have fallen victim to cyber attacks in the past two years include Life Healthcare, Nedbank, Omnia and Liberty Holdings.
It is a good thing that the Protection of Personal Information Act, which has been in the making since at least 2013, is now in force after President Cyril Ramaphosa proclaimed July 1 2020 as the commencement date.
The objective of the law is simple but important: “A responsible party must secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures.”
The new law will be enforced by the constitutionally mandated information regulator, Pansy Tlakula, the former head of the Independent Electoral Commission. But her hands are tied until at least July 1 2021 when the grace period for companies to meet compliance ...