Data Protection

CHALLENGES TO POPIA COMPLIANCE AND ENFORCEMENT

It has been a few months since the grace period for the coming into full operation of the Protection of Personal Information Act, 4 of 2013 (“POPIA”) lapsed.  The hype and frenzy around POPIA compliance is slowly dying down.  This may be because most organisations have taken the steps to ensure they are POPIA compliant or they are ‘testing the [...]

THIS MEETING IS BEING RECORDED: DO YOU HAVE TO CONSENT TO IT?

The use of video conferencing tools have surged with the COVID-19 pandemic.  When organising virtual meetings, meeting organisers frequently request from attendees their consent to use the recording functionalities as it is convenient to prepare minutes, keep accurate records of the meetings and easier to share with colleagues who might not have been able to attend the meetings.  There is [...]

Should contracting parties include a cybersecurity clause?

Cyber attacks are fast becoming the norm in our society.  The COVID-19 pandemic has accelerated this with a 485% increase of ransomware reported in 2020.  A cyber attack to an organisation’s system impacts more than just an organisation.  The impact can extend to clients, suppliers, contractors, and employees.  A cyber attack is even worse in instances where personal data is [...]

Cyber attacks and reporting obligations under POPIA

The month of October, known as the Cybersecurity Awareness Month, comes at a time when South Africa is reeling from the effects of a plethora of security breaches and cyber attacks that have plagued the country since the beginning of 2021.  The most recent security breaches and cyber attacks targeted Transnet and the Department of Justice and Constitutional Development.  Section [...]

Inaugural Global Encryption Day – 21 October 2021

Today marks the inaugural Global Encryption Day.  This is an initiative by the Global Encryption Coalition (“GEC'').  The GEC is composed of the Democracy & Technology, Global Partners Digital, the Internet Society and over 180 organisational members including civil society organisations, business and trade associations, and individual members including technical and cybersecurity experts and academics.   The initiative is an opportunity for businesses, civil society organisations, technologists, and internet users worldwide to show why encryption matters and why people [...]

NEW EU SCC’s: IMPACT ON SOUTH AFRICAN BUSINESS

On 4 June 2021, the European Commission adopted two new sets of Standard Contractual Clauses (“2021 SCCs”). The 2021 SCC’s will replace the old SCC’s adopted in 2010.  The adoption of new SCC’s is to reflect the changes to European Union (“EU”) data privacy law, under the General Data Protection Regulation 2016/679 ("GDPR") and the Schrems II decision((Case C-311/18 Data Protection Commissioner [...]

International Day for Universal Access to Information 2021

Today, 28 September 2021, the world commemorates International Day for Universal Access to Information. It was declared by the United Nations Educational, Scientific and Cultural Organisation on 17 November 2015 and adopted by the United Nations General Assembly on 28 September 2019.  This day highlights the importance of access to information laws, and their implementation worldwide in order to promote [...]

By | 28th September, 2021|4IR, Data Protection, PPM Attorneys, Privacy Law, Technology Law, Telecommunications Law|

WhatsApp fines under the GDPR: A wake up call for businesses to comply

What happened with WhatsApp? The case that Max Schrems filed against WhatsApp back in December 2018 has been finalized at last.  WhatsApp was recently fined by the Irish Data Protection Commission an amount of 225 million Euros, which is over 3,7 billion Rands.  The Irish Data Protection Commission (DPC) is the equivalent of the Information Regulator in South Africa. The [...]

By | 10th September, 2021|4IR, Data Protection, GDPR, IT Law, PPM Attorneys, Privacy Law, Social media law, Technology Law|

Can Transnet rely on force majeure for its ransomware cyberattack?

Transnet, on 22 July, suffered what it has called “a cyber attack”. As a result of this disruption, Transnet could not provide the services it usually provides, which include loading and offloading containers from ships. Transnet, whose ports, railways and pipelines are critical infrastructure, is crucial to the functioning of South Africa's economy, declared force majeure on the same day [...]

By | 3rd August, 2021|4IR, Cybersecurity, Data Protection, Information Security, IT Law, Technology Law|

A step towards POPIA compliance – Vendor Management

In terms of the Protection of Personal Information Act, 4 of 2013 (“POPIA”), a Responsible Party must comply with POPIA 8 conditions for lawful processing of personal information.  As a business, you may engage the services of other service providers and vendors.  If such third parties are processing personal information on behalf of your business, they are called Operators.  It [...]

By | 7th July, 2021|4IR, Data Protection, PPM Attorneys, Privacy Law, Technology Law|