CNIL Unveils 2017 Inspection Program and 2016 Annual Activity Report
On March 28, 2017, the French Data Protection Authority (“CNIL”) published its Annual Activity Report for 2016 (the “Report”) and released its annual inspection program for 2017.
Statement from the regulator on the SASSA debacle
The Information Regulator welcomes the decision of the Constitutional Court in the case of Black Sash Trust v Minister of Social Development and Others.
30 May 2017 - PoPI Update 2017
With the Information Regulator South Africa having started work last year December, the POPI Act is now a reality. The time for compliance is now!
Introducing: South Africa's first DPA
South Africa's first data protection authority is in the process of setting up shop, but local legal professionals are skeptical about how well-resourced it will be.
Cyber-security needs more than rules
Africa’s eHealth’s not strong on cyber-security rules and regulations. They’re essential, but a survey of ICT security experts in the US by Level 3 Communications says they’re not enough.
Security specialist identifies security breaches in apps
The Pradeo Lab, a worldwide leader in mobile devices and applications security, analysed the mobile applications of 50 of the world’s top 100 banking establishments to identify security breaches.
Ster-Kinekor website flaw puts 7 million users' data at risk
Up to 7 million South Africans have purportedly fell victim to a data leak on a website belonging to local movie theatre chain Ster-Kinekor.
How fake data could lead to failed crops and other woes
There's a new cyber threat on the horizon. And it's fiendishly subtle and potentially very dangerous.
Privacy of Sassa beneficiary information a concern - researcher
A political activist and researcher believes citizens should be extremely concerned about how the (Sassa) is treating the personal information of its grant beneficiaries.
Information Regulator to promote access, protection of personal info
Newly-appointed members of the Information Regulator (South Africa) were introduced for the first time by the Justice and Constitutional Development Deputy Minister.
2016: Data breach statistics
The ITRC tracks four types of compromised information: Social Security number, Credit/Debit Card number, Email/Password/User Name, and Protected Health Information (PHI).
Nigerian Cybercrime matures, Morphs
INTERPOL, security researchers see West Africa cybercrime scene expanding and getting more sophisticated. This is not your parents' Nigerian scam.
Yahoo CEO Loses Bonus Over Security Lapses
Yahoo CEO Marissa Mayer will lose her cash bonus after an independent investigation into security breaches finds they failed to properly comprehend or investigate the severity of the attacks.
ITRC Breach Statistics 2005 - 2016
ITRC Breach Statistics 2005 - 2016
Asking the right questions about PoPI and Compliance
Digital transformation is touching every sector as well as every industry, disrupting the traditional market leaders, value chains and conventional ways of doing business along the way.
Light at the end of the PoPI tunnel
The PoPI Act stipulates how companies may collect, handle, store and discard information, with heavy penalties for those that fail to comply.
Information Regulator Briefing
"Ensuring protection of your personal information and promotion of access to information”. We have chosen this as our tag line because this is exactly what we have been set up to do. Our intention is to ensure that the mention of the word "information" is associated with the "Information Regulator".
Since we took office on 1 December 2016, we have been hard at work conceptualizing and thinking through the type of organization we want to establish. We think it is important for us to build a solid foundation for this organization. We are in Cape Town for a number of official meetings and we thought it would be appropriate to take advantage of our presence here to brief some of our stakeholders on the work we have done since we took office.
PRIVACY PROTECTION: How likely are you to outsmart an identity thief?
Can you outsmart an identity Thief? In the past 6 years over $112 billion has been stolen, in the US alone, by identity thieves. In the UK ID theft rose more than 30% last year. How likely are you to be a victim of one of the world's fastest growing cyber crimes?
75,000 data protection officers needed by 2018 to handle EU Law
US alone will need 9,000 DPO's to meet GDPR mandates, says international Association of Privacy Professionals - but don't expect that many new job listings.
Regulatory quagmire awaits SA's IT businesses
This year will present a regulatory quagmire for South African organisations, especially those involved in the information technology space.
NAB accidentally sends 60,000 overseas customers banking details to wrong email.
National Australia Bank (NAB) has accidentally sent the account details belonging to 60,000 overseas customers to an incorrect email address.
1 December 2016
Information Regulator Inaugural Meeting
The Information Regulator held its inaugural meeting on 1 December 2016 in Pretoria to commence wit their duties and functions.
Responsibilities were allocated as follows:
Adv Lebogang Stroom-Nzama was designated as a full time member responsible for the Promotion of Access to Information Act of 2000; and
Adv Collen Weapond was designated as a full time member responsible for the Protection of Personal Information Act.
PoPI: Over 1 billion Yahoo accounts were hacked in 2013
SAN FRANCISCO — Yahoo, already reeling from its September disclosure that 500 million user accounts had been hacked in 2014, disclosed Wednesday that a different attack in 2013 compromised more than 1 billion accounts. The two attacks are the largest known security breaches of one company’s computer network.
Is privacy becoming passé?
Instagram has more than 200 million active users every month. WhatsApp has more than 500 million active users every month. But, even these are far exceeded by Facebook, which has more than 1.79 billion active users every month.
PoPI Act: neither friend or foe - just good business sense
The Protection of Personal Information Act (PoPI) has been the cause of much concern in the South African business landscape. Promulgated in 2013, it has not yet come into effect entirely, but once it has been implemented businesses will have one year to comply with the regulations laid down in the Act.
26 October 2016
President Jacob Zuma appoints Chairperson and Members of the Information Regulator
The members of the Information Regulator have been appointed with effect from 1 December 2016 and will serve the Information Regulator for a period of five years.
The members are:
i. Advocate Pansy Tlakula as full-time member and Chairperson
ii. Advocate Lebogang Cordelia Stroom and Mr Johannes Collen Weapond as Full-time members, and
iii. Professor Tana Pistorius and Mr Sizwe Snail Ka Mtuze as part-time members of the information Regulator.
Privacy: What the internet gives, the internet may also take away
Aristotle may have been one of the first to consider the distinction between our private lives and our public ones, but for the longest time it was not a real thing. Privacy laws - and the principles that underpin it - are quite new and, just as we are settling into taking it for granted, we are rapidly losing it again, unless we are all a lot more careful.
Appointment of PoPI Regulator could mean earlier implementation
South Africa's parliament voted recently to appoint an Information Regulator and the National Assembly voted in favour of the nomination of the five candidates to run the regulator. On 26 October 2016, a government statement confirmed the appointment of Pansy Tlakula as full-time member and chairperson of the Information Regulator...
PoPI : Cyber security warrants healthy paranoia
Issues and concerns around cyber security are a persistent topic of conversation; this is for very good reason, according to Marthinus Pretorius, Risk Management & Compliance Officer at e4, who says a little paranoia is healthy and even necessary when it comes to protecting valuable business information.
Grace period for PoPI compliance nearly over
The grace period for compliance to the Protection of Personal Information Act (PoPI) is nearly over. For the first time, the South African National Assembly voted in favour of the appointment of the Information Regulator for PoPI.
PoPI: Do we really need to regulate the internet of things?
The regulation of Spectrum in South Africa is a hot topic for the telecommunications market, but one fundamental component that people don’t often think about is its biggest benefactor: the Internet of Things. The IoT, as it is abbreviated, is the catch-all phrase for how the world is moving forward in terms of technology.
Right to Privacy? What privacy?
The Protection of Personal Information Act is not yet in full effect, which is why political parties and scammers are still able to buy lists, writes Georgina Crouth. At municipal election time, I don’t particularly care for the posters and billboards punting the governing party, nor those of the opposition.
Five ways PoPI will change marketing research as we know it
The implementation is of the Protection of Personal Information Act, No. 4 of 2013 (POPI) is proceeding apace. A five-member information regulator (IR) has been established, with ten candidates being nominated and the former IEC chairman Advocate Pansy Tlakula recommended as its chairperson.
PoPI: Are You Protecting Your Customer’s Data?
The collection, usage and sharing of personal information is regulated primarily by the Protection of Personal Information Act 4 of 2013. The Act was recently promulgated and is yet to be implemented.
PoPI : Google Data Breach Triggered by a Human Error
Google has been breached! Did we catch your attention? Any news concerning Google and a data breach is worth your full attention. It proves that no company is invincible, Google included. So, what exactly happened?
Why security matters when it comes to PoPI
The Protection of Personal Information (PoPI) Act has been signed into law and will soon be implemented. This particular piece of legislation has been on the horizon for some time, and most companies have started to put in place processes to ensure they are compliant.
PoPI : Business Email Compromise: How Big Is the Problem?
The business of executive email hacking is booming. Wedging themselves deeply inside company email systems, fraudsters are stealing hundreds of millions of dollars by impersonating key personnel and initiating large wire transfers.
PoPI: The human problem at the heart of Snapchat’s data breach
Snapchat says it's "just impossibly sorry" for a recent data breach that exposed payroll information of some current and former employees on Friday. The Snapchat data wasn't stolen by a coding mastermind who penetrated the company's servers using some unknown flaw.
PoPI: 4 Stolen Health Databases Reportedly for Sale on Dark Web
A hacker is reportedly selling on the dark web copies of databases stolen from three unidentified U.S. healthcare organizations and one unnamed health insurer containing data on nearly 10 million individuals for prices ranging from about $96,000 to $490,000 in bitcoin for each database.
PoPI: Laptop Breach May Affect 400,000 Prisoner
The recent theft of an unencrypted laptop that may contain information on up to 400,000 inmates who served time in California prisons has been added to the federal tally of health data breaches. Experts say notifying all those potentially affected could prove challenging.
PoPI: Transborder information flows – are you complying with FICA?
We live in an internet-era, where the vast majority of people use the internet in order to transact and communicate with people who are living in different parts of the world. The transacting with and processing of personal information often involves the transfer of personal information across borders.
PoPI: Cyber Crime
It was estimated by ISACA -- previously known as the Information Systems Audit and Control Association® - - that there could be as much as 5.4 billion internet-based connected devices by the year 2020. And these estimates may even exceed their original projections as technology advances with its prolific and widespread adoption.
PoPI: Information Regulator delay leaves citizens unprotected
A further delay in the appointment of SA's Information Regulator is extending the time in which South Africans are being denied protection of their personal information and rights to privacy, according to experts. MPs will only be able to re-vote on the appointments of the Information Regulator positions when Parliament reopens after the 3 August local government elections.
Many businesses still ill prepared for PoPI - survey
Cape Town - A recent survey has raised concern about a lack of awareness among South African organisations about the legal requirements around storing and disposing of confidential data outlined in the Protection of Personal Information (Popi) Act.
PoPI: It may not be fashionable but privacy is a useful right
With data a powerful tool, the new information regulator needs to be a watchdog, writes Janet Smith, but spend too little and it could be a lapdog . On Tuesday, the former chief electoral officer at the Independent Electoral Commission (IEC), advocate Pansy Tlakula, joins nine other shortlisted candidates as interviews start for the biggest new job in government: the information regulator.
PoPI: Tlakula set to chair Information Regulator
Former IEC chairwoman Pansy Tlakula has been recommended as the chair of the newly formed Information Regulator. Tlakula was recommended for the top post during a meeting of the justice & correctional services committee on Tuesday.
PoPI: Your exposure to ID theft laid bare
Your name, identity number, phone number, gender, age, race, religion, sexual orientation, criminal record, medical history, blood type, fingerprints and photograph are all classified as “personal information” in terms of the Protection of Personal Information Act – also known as POPI.
New EU Data Protection Regulation could affect SA
South African businesses processing the data of European Union (EU) subjects will have to make sure they comply with new EU data regulations. This is according to Striata director Alison Treadaway, who says this may be particularly onerous on companies that take advantage of the weak rand to provide cost-effective outsourcing services to EU-based businesses.
Data security at the heart of PoPI
As the implementation of the Protection of Personal Information Act (POPI) gradually comes closer, South African organisations are wondering how best to prepare for it. The key is to understand that data security lies at the heart of POPI compliance, argues Godfrey Kutumela, Head of Security & Cyber Crimes Prevention Unit at IndigoCube.
PoPI: Stop forcing credit and funeral plansdown my throat
Last night I got home to find an envelope addressed to me. I could see that it was from a financial service provider that I have never contacted for queries or services. Usually I just bin junk mail without giving it a second thought, but since this specific company has been smsing me for months, I was curious to see just how much of my information they have.
PoPI: Phone contract extended in scam
But it is quite disturbing to be scammed by an employee of your service provider who has access to your personal details like salary slips and identity documents. The Protection of Personal Information (Popi) Act has been promulgated to ensure that customers are protected from any sort of fraudulent activity and prejudice they may suffer due to the reckless conduct of service providers.
PoPI and PC recycle
Cape Town – Companies stand to decrease costs by recycling old computer equipment that may still be useful, says an insider. As the falling rand results in higher costs for PCs, firms that re-purpose functioning laptops could reduce costs and help the bottom line, said Xperien, which specialises in asset disposal.
Mobile Applications and PoPI
The cyber-industry of mobile application development for smartphones and tablets Apps is an area that has gained exponential growth over recent years. A report compiled by Kleiner Perkins Caufield & Byers, an American venture capital firm, in 2015 revealed that over half of South Africa’s internet traffic came from mobile devices.
The Portfolio Committee on Justice and Correctional Services today shortlisted candidates for vacancies on the South African Human Rights Commission (SAHRC) as well as the Information Regulator. The Committee received a total of 73 CVs for the positions. The Committee shortlisted eight candidates for the two vacancies at the SAHRC. These candidates will at a later stage be called for interviews.
PoPI Asset Disposal
Executives responsible for IT asset management need to understand the principles of IT Asset Disposal (ITAD) and they need to consider regulatory compliance and the protection of company information.
Is PoPI your Friend or Foe?
Is the Protection of Personal Information (PoPI) Act just another piece of legislation trumped up by politicians or is it just good business practice that has been neglected over the years?
Budget allocated for PoPI regulator
The POPI Regulator has received an allocation in the 2016 National Treasury Budget tabled in Parliament. It is interesting because it gives us an indication of what the regulator will look like and when it is likely to be established.
PoPI: Privacy is coming of age
The world population has reached 7.4 billion, with 1.3 billion people routinely working remotely and according to Gartner, there will 6.4 Billion Connected "Things" in use this year, up 30% from 2015, suggesting human behaviours are changing at a staggering pace.
Protection of Personal Information PoPI protection
The pace at which new and emerging technologies are penetrating and disrupting every aspect of our lives is far outstripping the pace at which lawmakers can keep up. As a result, regulators — and consumers — are looking to companies to assume accountability for privacy.
PoPI: Privacy trends 2016
As an essential part of the Global Information Security Survey (GISS) 2015, we asked 630 participants to answer questions focused on the privacy issues facing organizations today. In this GISS 2015 privacy questionnaire, 38% of respondents admit that they address security in new business processes and technologies, but not privacy specifically.
The Protection of Personal Information Act (PoPI) Ethics
Data ethics is a subject our industry has largely ignored, avoided and failed to acknowledge as important. This neglect is almost certainly caused by fear — fear that examining the question would expose us as doing wrong; fear that ethics might stifle innovation; fear that the ethical questions are insoluble and intractable.
PoPI : Sim Swap Victim - FNB
Johannesburg - Cape Town audiologist Gail Jacklin, who lost over R200 000 in a SIM-swap scam earlier this year, says she is emotionally drained and has lost trust in FNB and MTN. Earlier this week, private consulting forensic scientist Dr David Klatzow told Fin24 about how MTN failed to prevent an unauthorised SIM-swap of Jacklin’s phone, which resulted in fraudsters stealing from her FNB accounts.
The Protection of Personal Information (PoPI) Small Business
In the past few years there has been a rapid expansion in the development and adoption of new communications technologies which continue to transform Government, business and the ways in which we interact with each other. Cyber crime undermines confidence in our communications technology and online economy.
PoPI - Legal profession
Summary of data security incidents relating to solicitors and barristers reported to the ICO in 2015/16.
PoPI - Data Breaches
Cape Town – Just five data breaches were registered in South Africa in 2015 but this figure may not show the whole picture, says digital security services company Gemalto. The company has released its Breach Level Index which shows that, globally, 3.6 billion data records have been exposed since 2013.
It is widely expected that the long-awaited Information Regulator will be appointed during the next few months. When that happens, the Protection of Personal Information Act (No. 4 of 2013) (POPI) Act will start to come into force.
PoPI is near
POPI, or the Protection of Personal Information Act 4 of 2013, is nearing its long-awaited implementation. It looks like POPI is back on track, and Parliament is proceeding to appoint the information regulator, which should be in place by July 2016.
Jail threat for company bosses over PoPI
Cape Town – Company executives who fail to secure data in South Africa may face jail time, the Protection of Personal Information Act, known as Popi says. However, while the act specifies prison time for people who fail to keep personal information confidential, SA has not yet fully implemented the legislation.
The PoPI act and record management
The anticipated commencement date of the POPI Act is mid-2016, this will allow organisations a grace period of a year to become compliant (mid 2017). Organisations therefore will need to deploy a Records Management Solution within this grace period.
PoPI: 2015 data leaks
The volume of data breaches and cyber attacks that marked 2015 could be appropriately described as a ‘cascade’ or ‘torrent’, or perhaps ‘maelstrom’. There have been breaches of highly sensitive data (including that of children), targeted attacks on government agencies such as the US’s OPM and Germany’s Bundestag, and an alarming number of well-orchestrated DDoS attacks.
PoPI: Its Data privacy day
You already know companies track your behavior in Web browsers and mobile apps, and soon they'll monitor you through your smart refrigerator and fitness band. Yep, you're a walking, talking data source.
PoPI Act crucial component in addressing Cyber Crime
If one considers that between 70% and 80% of South African adults have been victims of cybercrime in their lifetime, the Protection of Personal Information (POPI) Act is an essential leap forward in South African legislative terms, as it is the first piece of legislation to specifically address, as its main objective, the protection of personal information.
PoPI: Dont let your staff get caught out!
According to the 2015 Data Breach Investigations Report by Verizon, the three main traditional categories of staff-related incidents are:
- 30% – Sensitive information reaching incorrect recipients
- 17% – Non-public data published on public web servers
- 12% – Insecure disposal of personal and medical data
PoPI: Over 22,000 USB sticks may have been left in dry cleaners
As many as 22,000 USB sticks may be left in dirty clothes and handed in to UK dry cleaners every year, with nearly half never returned, according to new research from security vendor Eset. The firm surveyed 500 launderettes and dry cleaners around the country and extrapolated its findings based on the 5,839 such businesses nationwide.
PoPI: Transferring personal information across borders
At the end of last year, the Court of Justice of the European Union ruled that the EU Safe Harbour Decision (permitting the transfer of personal data to the US) was invalid as the US did not provide an adequate level of protection of personal data within the meaning of Article 25 of Directive 95/46.
PoPI: 780 patients
The 56 Dean Street clinic in Soho – one of Europe’s busiest sexual health clinics – has apologised after mistakenly revealing the names and addresses of 780 patients with HIV in an email. Recipients of an emailed newsletter were supposed to be blind-copied, but whoever sent it mistakenly copied email addresses into the “To:” field rather than “BCC:”.
PoPI: For the EU's new data protection regulation encryption should be the default
There are many regulations and industry standards that require that stringent safeguards are applied to personal and sensitive data. Of these, the EU data protection rules affect many organisations. Now, they are set to get tougher, with higher sanctions available for non-compliance and affecting a wider range of organisations than previously.
PoPI: Data management is undergoing substantial changes
The South African legislative environment is constantly changing - often before, business has become completely comfortable with its responsibilities under the prior legislation. Irrespective of which industry you work in, data is your most valuable resource. It pours into organizations from every possible source, operational and transactional systems, mobile and the web.
When will PoPI come into force?
To give effect to the constitutional right to privacy, on 20 August 2013, the National Assembly passed the Protection of Personal Information Bill (B9D of 2009), which is largely based on the European Data Protection Directive (to be replaced in due course by the stricter General Data Protection Regulation).
PoPI: The danger from Within: Banks
While many companies work diligently to guard against external cyber threats, a number of banks are taking steps to protect themselves from another dangerous, yet equally damaging source — their own employees. According to the Association of Corporate Counsel, at least 30 percent of data breaches during 2015 were caused by seemingly harmless employee errors.
PoPI: 13 ways to protect your employees
Just as you have a right to protect your company's privacy, so your employees have a right to privacy too. And since the President signed the Protection of Personal Information Bill (POPI) last month, you now have a legal duty to protect your employees' information! Here are the top 13 ways you can keep your employee's information safe and sound...