SHOCKING TRUTH: Data Security Compromises Soar as Companies Remain Clueless
A staggering surge in data breaches has left South Africa’s Information Regulator scrambling to keep up with the crisis, with companies still unaware of the severity of the problem. Despite a significant increase in reported security incidents, many organizations are still failing to notify affected customers and stakeholders in a timely manner, putting sensitive information at risk.
According to Advocate Collen Weapond, a full-time member of the InfoReg, the number of data breaches reported by local firms has skyrocketed, with over 1,700 incidents reported in the 2023 financial year alone. This is a tripling of the number reported in the previous year, and a stark reminder that data security is still a major concern in South Africa.
"We’re seeing a massive increase in data breaches, and it’s clear that many companies are still unaware of the severity of the problem," Weapond warned. "While there has been an improvement in reporting, there are still gaps in certain areas – including the failure to notify data subjects of security compromises within reasonable time, as per the requirements of the Protection of Personal Information Act (POPIA)."
Under POPIA, organizations are required to inform the InfoReg if they expose personal information to unauthorized third-parties without consent. Failure to comply can result in fines of up to R10 million or 10 years of imprisonment.
The InfoReg has issued one fine to date, to the Department of Justice and Constitutional Development, but Weapond warns that more fines are likely to follow. "We’re taking a close look at each case, considering factors such as whether it’s a first-time offense, the severity of the breach, and which sections of the Act have been failed to comply with," he said.
The crisis has led to a renewed focus on data security, with the InfoReg signing a memorandum of understanding with the Eswatini Communications Commission (ESCCOM) aimed at promoting cooperation and regulation of laws protecting personal data.
As the InfoReg continues to battle the surge in data breaches, it’s clear that companies must take immediate action to ensure the security of their customers’ sensitive information. The stakes are high, and the consequences of failure can be devastating.
