Cybersecurity

CHALLENGES TO POPIA COMPLIANCE AND ENFORCEMENT

It has been a few months since the grace period for the coming into full operation of the Protection of Personal Information Act, 4 of 2013 (“POPIA”) lapsed.  The hype and frenzy around POPIA compliance is slowly dying down.  This may be because most organisations have taken the steps to ensure they are POPIA compliant or they are ‘testing the [...]

THIS MEETING IS BEING RECORDED: DO YOU HAVE TO CONSENT TO IT?

The use of video conferencing tools have surged with the COVID-19 pandemic.  When organising virtual meetings, meeting organisers frequently request from attendees their consent to use the recording functionalities as it is convenient to prepare minutes, keep accurate records of the meetings and easier to share with colleagues who might not have been able to attend the meetings.  There is [...]

Should contracting parties include a cybersecurity clause?

Cyber attacks are fast becoming the norm in our society.  The COVID-19 pandemic has accelerated this with a 485% increase of ransomware reported in 2020.  A cyber attack to an organisation’s system impacts more than just an organisation.  The impact can extend to clients, suppliers, contractors, and employees.  A cyber attack is even worse in instances where personal data is [...]

Cyber attacks and reporting obligations under POPIA

The month of October, known as the Cybersecurity Awareness Month, comes at a time when South Africa is reeling from the effects of a plethora of security breaches and cyber attacks that have plagued the country since the beginning of 2021.  The most recent security breaches and cyber attacks targeted Transnet and the Department of Justice and Constitutional Development.  Section [...]

Inaugural Global Encryption Day – 21 October 2021

Today marks the inaugural Global Encryption Day.  This is an initiative by the Global Encryption Coalition (“GEC'').  The GEC is composed of the Democracy & Technology, Global Partners Digital, the Internet Society and over 180 organisational members including civil society organisations, business and trade associations, and individual members including technical and cybersecurity experts and academics.   The initiative is an opportunity for businesses, civil society organisations, technologists, and internet users worldwide to show why encryption matters and why people [...]

NEW EU SCC’s: IMPACT ON SOUTH AFRICAN BUSINESS

On 4 June 2021, the European Commission adopted two new sets of Standard Contractual Clauses (“2021 SCCs”). The 2021 SCC’s will replace the old SCC’s adopted in 2010.  The adoption of new SCC’s is to reflect the changes to European Union (“EU”) data privacy law, under the General Data Protection Regulation 2016/679 ("GDPR") and the Schrems II decision((Case C-311/18 Data Protection Commissioner [...]

South Africa’s ports, pipelines and hospital networks are critical infrastructure: protecting them from cyberattacks is non-negotiable

Maersk and Transnet cyberattack parallels On 27 June 2017, shipping company – Maersk – faced its biggest crisis.  NotPetya, a type of ransomware, had spread through its global computer network in 7 minutes[1], destroying 49,000 of its laptop computers.[2]  17 of its terminals across the globe were hacked. The NotPetya attack was so rapid, that at the Maersk terminal in [...]

By | 4th August, 2021|4IR, Cybersecurity, Information Security, Technology Law|

Can Transnet rely on force majeure for its ransomware cyberattack?

Transnet, on 22 July, suffered what it has called “a cyber attack”. As a result of this disruption, Transnet could not provide the services it usually provides, which include loading and offloading containers from ships. Transnet, whose ports, railways and pipelines are critical infrastructure, is crucial to the functioning of South Africa's economy, declared force majeure on the same day [...]

By | 3rd August, 2021|4IR, Cybersecurity, Data Protection, Information Security, IT Law, Technology Law|

Dissecting the Cybercrimes Act – The crime of hacking (part 1)

Introduction If we put aside the misery around Covid-19 for a moment, we can notice that a lot of exciting developments have taken place and are still taking place in South Africa’s legislative landscape. We are 5 months away from POPIA[1] coming into full effect. By 1 July of this year, both private and public companies, organisations and institutions will [...]

By | 26th January, 2021|4IR, Cybersecurity, Data Protection, IT Law, PPM Attorneys, Privacy Law, Technology Law|

Decentralised Finance: What is it and how is it regulated in South Africa?

What is Decentralised Finance? Decentralised Finance (DeFi for short) is a financial system built on public blockchains such as BitCoin and Ethereum.  Blockchains refer to a list of data records that work as a decentralised digital lender.  The data in a specific blockchain is organised into blocks, which is chronologically arranged and secured by cryptography.  The oldest and safest blockchain [...]