Contact

Burglar bars for data

Back to top

Burglar bars for data

2 Jul 2015 3 min read Article

Cyber-espionage is on the rise, with increasing amounts of state secrets and intellectual property being stolen by hackers.  Cyber-criminals are phishing banking details and are able to empty bank accounts. As a result of these cyber-security breaches, personal information can be intercepted and shared without consent.

The recent cyber security breach affecting the United States Federal Government  in early June 2015, is just one example of the global phenomenon showcasing the threat to the privacy of personal information. The breach occurred just one day after Edward Snowden revealed that the National Security Agency was monitoring American citizens' international internet traffic in an attempt to identify and prevent hacking from anyone outside of the United States. The database contained personal information of thousands of employees at the Office of Personnel Management, including their identity numbers, names, addresses, telephone numbers, biometric information, gender and religion.

With technological advances and an increase in highly skilled, sophisticated cyber-criminals, it is proving to be exceptionally difficult to protect information, even information which is regarded as highly confidential. IT specialists are constantly having to increase their level of security and modus operandi to protect information from hackers. Their primary focus being on access control management, tracking and auditing, anonymity, encryption, separation of data, data reconstruction and destruction policies, with IT security being a moving target.

From a South African perspective, the Protection of Personal Information Act imposes obligations on organisations to protect personal information, including by implementing appropriate, reasonable technical and organisational safeguards to prevent loss of, damage to or unauthorised destruction of personal information and unlawful access to or processing of personal information. Responsible parties under the Act are obliged to take  measures to identify all reasonable foreseeable risks, establish, maintain and regularly verify safeguards against such risks and update such safeguards to account for new risks identified. Although the Act does not impose specific measures to be taken, it does oblige responsible parties to have due regard for generally accepted information security practices and procedures.  Certain provisions of the Act have commenced but the Act is not yet fully in force and the commencement date (which will be by way of proclamation by the President) is awaited. The Act does at least provide a framework to ensure the protection of personal information but parties will need to implement the means with which to prevent data breaches.

In an article by Trevor Hughes' article entitled "The massive federal breach: why Infosec will never be enoughhttps://privacyassociation.org/news/a/the-massive-federal-breach-why-great-infosec-will-never-be-enough/he acknowledges that IT departments in government or business are able to institute controls to prevent hacking or breaches of databases. He recognises, however,  that the role of IT departments falls in the realm of breach prevention,  but that advances in technology now require more than protective software. Privacy and IT professionals need to work together to inventory the data, making sure that all the personal information they have on their databases is useful or necessary. They should then ensure that the data is in a format that would be useless to hackers in the event that they do breach the databases. Companies and organisations need to put data policies in place that ensure that risks are mitigated, including by stipulating the period of time documents need to be retained for and a list of persons that may have access to the data. Data protection does not happen in a vacuum and therefore all employees dealing with personal information within a company, organisation or state department must undergo data protection training. 

Accordingly, in a world which turns on data and online transacting, a significant degree of vigilance is required to mitigate the risk of a breach occurring and the extent of the damage which may flow therefrom. South African companies are urged to become aware of the provisions of the Protection of Personal Information Act and to implement appropriate measures to meet the requirements imposed by the Act and also to ensure that data breach risks are mitigated.

The information and material published on this website is provided for general purposes only and does not constitute legal advice. We make every effort to ensure that the content is updated regularly and to offer the most current and accurate information. Please consult one of our lawyers on any specific legal problem or matter. We accept no responsibility for any loss or damage, whether direct or consequential, which may arise from reliance on the information contained in these pages. Please refer to our full terms and conditions. Copyright © 2024 Cliffe Dekker Hofmeyr. All rights reserved. For permission to reproduce an article or publication, please contact us cliffedekkerhofmeyr@cdhlegal.com.

You might also be interested in

28 Aug 2023

by Abednego Mutie

The Kenya Citizenship and Immigration (Amendment) Bill, 2023: Streamlining processes

Kenya is a vibrant nation and economy in East Africa, and has long been the home of diverse cultures, attracting immigrants from around the world. The country’s immigration laws and regulations manage the entry, stay and exit of individuals in the country. These laws govern various aspects of immigration, including visas, work permits, citizenship and refugee protection. The country’s main legislation on immigration is the Kenya Citizenship and Immigration Act 12 of 2011 (Act) and the regulations thereunder, which provide for matters relating to citizenship, issuance of travel documents, immigration and connectedpurposes. 

Immigration

6 min read

21 Aug 2023

by Lydia Owuor

CDH extends a warm welcome to Lydia Owuor, our latest Partner addition in Nairobi

Lydia joins us as a distinguished advocate and seasoned commercial real estate professional, bringing with her a wealth of expertise and accomplishments.

Firm News

2 min read

2 Apr 2024

by Burton Meyer, Gabriella Schafer and Dylan Greenstone

Settlement agreements: Creditors, secure your victory and don’t stop half way, debtors beware

Before a court decides on the outcome of a case, parties involved may agree to settle their dispute. However, it’s important to understand that when a settlement agreement is made an order of court, it holds the same weight and authority as any other ruling issued by acourt.  

Dispute Resolution

4 min read

26 Feb 2024

by Desmond Odhiambo and Sara Ndei

Missed opportunities: The implications of squandering a disciplinary hearing

In employer-employee workplace tales, a person decrying unfair termination is a common scenario. But what about the instances where the employee had a chance to tell their side of the story in a disciplinary hearing, but they let it slip away? This is the story in the case of Okun v Kenyatta University (Cause 363 of 2019) where the employee sought a declaration from the court that his employment was terminated unfairly. The twist is that the employer had extended two invitations to the employee to appear before a disciplinary committee, which were postponed at the request of the employee. Thereafter, it sent a third invitation which the employee refused to honour entirely. What is the implication of squandering the termination process in thisway? 

Employment Law

3 min read

2 Aug 2023

by Hilary Chapfuwa and Tendai Jangara

Addressing unauthorised, irregular, fruitless and wasteful expenditure (UIFW) in municipalities

On 31 May 2023, the Auditor-General, Tsakani Maluleke, released the Consolidated General Report on Local Government Audit outcomes for the 2021-22 financial year. Unauthorised, irregular, fruitless and wasteful expenditure (UIFW) continues to be a challenge in municipalities, with only 38 out of 257 obtaining clean audits. Officials with the requisite financial skills as well as effective budgeting and controls are required to address this ongoing issue.

Corporate & White Collar Investigations

9 min read

23 May 2023

High Court considers the impact of loadshedding on fundamental constitutional human rights

On Friday, 5 May 2023, a full court of the Gauteng Division of the High Court sitting in Pretoria delivered a judgment in United Democratic Movement and Others v Eskom Holdings SOC Ltd and Others Case No: 5779/2023, compelling the Minister of Public Enterprises (Minister) to take all reasonable steps within 60 days from the date of the order, whether in conjunction with other organs of state or not, to ensure that there is sufficient supply or generation of electricity to prevent any interruption of supply as a result of loadshedding to all public health facilities, public schools and police stations.

Dispute Resolution

5 min read

This website uses cookies to enhance the browsing experience. For more information, please see our Cookie Policy.

Accept Decline