31 Records are lost or stolen every second in South Africa due to data breaches
  • Posted 26 May 2017

According to Camargue Specialised Liability Management, just two years ago, 974 million company records were lost or stolen in South Africa alone – which is 31 records every second!

With the way paved for the implementation of the Protection of Private Information Act (POPIA) in the next couple of years, it is important for companies to comply with the Act and protect their records in the face of a breach of privacy.

On a global scale, the “WannaCry” ransomware cyber-attack recently hit and crippled over 300 000 computers in at least 150 countries. This gives South African companies even more reason to comply with POPIA.

The attack reportedly started on 12 May 2017 and was so vast that it hit Britain’s National Health Service (NHS), affecting over 48 NHS trusts, GP surgeries and pharmacies.

Below is an image highlighting the affected areas.

[Image: map of areas affected by the WannaCry attack. Image source: EWN]

What is the “WannaCry” ransomware?

It is malware consisting of a Trojan horse embedded within a hyperlink, advert or webpage, usually delivered in an email attachment that the recipient opens.

Once you click on the link, the malware gains entry to your computer. It then encrypts or locks the files on the computer, and the attackers are the only people able to unlock them.

IOL reports that, according to local IT security strategist Pieter Erasmus, “once the data on a PC has been encrypted by the malware, the only way to unlock it, is to pay the ransom, however odious that may be.” The ransom demanded ranges between R4,000 and R8,000.

The importance of POPIA compliance and fortification of private records

Attackers typically get into a computer system or network and then spend time mapping out the network, looking for the most valuable data or the key systems to target. This increases the magnitude of the attack.

Therefore, it is more important than ever for compliance officers to fully understand how to protect data and what their role is in implementing that protection in their companies.

Under POPIA, some of the actions provided for by cyber insurance cover will become mandatory. iToo IT by Hollard recommends that companies start complying now by securing their information.

For example, if cyber criminals steal a bank’s customer data and use it to commit fraud, or take hold of a hospital’s confidential information, much as happened to Britain’s NHS, these organisations would be exposed. They can suffer a vast range of costs and damages from:

  • Liability claims from those suffering damages;
  • Investigation costs to determine the cause, contain the issues and understand how to protect against further incidents;
  • Responding to cyber extortion demands such as ransomware; and
  • Loss of profitability, cash flow and a damaged business reputation.

iToo IT states that South Africa is generally seen as an easy target, with many local companies falling victim to various forms of cybercrime.

Two consequences of POPIA non-compliance

POPIA aims to protect companies and consumers from the potential dangers of data breaches and personal information falling into the wrong hands.

Therefore, the Act seeks to regulate how companies process personal information, from collection, storage and protection through to destruction. Compliance officers are responsible for ensuring their companies’ continued compliance with the Act. The Act states that companies should only hold personal records and information for as long as required, and that they must protect the data to minimise the risk of data breaches and leaks. This piece of legislation has far-reaching implications for all companies.

Compliance officers must take care to understand and implement POPIA in the company they work for. Not only is it best practice to comply with the legislation, but non-compliance could also result in:

  1. Fines of up to R10 million;
  2. Imprisonment, depending on the offence, with prison sentences ranging from 12 months for lesser offences up to 10 years for gross offences.

With the massive spread of cyber-attacks and ransomware around the globe, it is clear that criminals will keep looking for vulnerabilities to exploit and for new ways to attack, breach and steal data. Cybercrime is something that must be managed, and compliance with POPIA aims to achieve this very goal.

With all the many challenges corporate South Africa faces, the question is, what do you need to do as a compliance officer to mitigate these risks?

The Compliance Institute Southern Africa has a suite of tools and resources to assist compliance officers with POPIA and their everyday duties. As a member, you will receive the crucial information you need to understand POPIA, how it affects your company and best practice for managing its implementation. You will also get discounted rates to attend two whole days of critical discussion on compliance topics such as POPIA at the 18th Annual Conference, and be equipped with the skills you need to successfully navigate the regulatory environment.