Information Security

CHALLENGES TO POPIA COMPLIANCE AND ENFORCEMENT

It has been a few months since the grace period for the coming into full operation of the Protection of Personal Information Act, 4 of 2013 (“POPIA”) lapsed.  The hype and frenzy around POPIA compliance is slowly dying down.  This may be because most organisations have taken the steps to ensure they are POPIA compliant or they are ‘testing the [...]

THIS MEETING IS BEING RECORDED: DO YOU HAVE TO CONSENT TO IT?

The use of video conferencing tools have surged with the COVID-19 pandemic.  When organising virtual meetings, meeting organisers frequently request from attendees their consent to use the recording functionalities as it is convenient to prepare minutes, keep accurate records of the meetings and easier to share with colleagues who might not have been able to attend the meetings.  There is [...]

Cyber attacks and reporting obligations under POPIA

The month of October, known as the Cybersecurity Awareness Month, comes at a time when South Africa is reeling from the effects of a plethora of security breaches and cyber attacks that have plagued the country since the beginning of 2021.  The most recent security breaches and cyber attacks targeted Transnet and the Department of Justice and Constitutional Development.  Section [...]

NEW EU SCC’s: IMPACT ON SOUTH AFRICAN BUSINESS

On 4 June 2021, the European Commission adopted two new sets of Standard Contractual Clauses (“2021 SCCs”). The 2021 SCC’s will replace the old SCC’s adopted in 2010.  The adoption of new SCC’s is to reflect the changes to European Union (“EU”) data privacy law, under the General Data Protection Regulation 2016/679 ("GDPR") and the Schrems II decision((Case C-311/18 Data Protection Commissioner [...]

South Africa’s ports, pipelines and hospital networks are critical infrastructure: protecting them from cyberattacks is non-negotiable

Maersk and Transnet cyberattack parallels On 27 June 2017, shipping company – Maersk – faced its biggest crisis.  NotPetya, a type of ransomware, had spread through its global computer network in 7 minutes[1], destroying 49,000 of its laptop computers.[2]  17 of its terminals across the globe were hacked. The NotPetya attack was so rapid, that at the Maersk terminal in [...]

By | 4th August, 2021|4IR, Cybersecurity, Information Security, Technology Law|

Can Transnet rely on force majeure for its ransomware cyberattack?

Transnet, on 22 July, suffered what it has called “a cyber attack”. As a result of this disruption, Transnet could not provide the services it usually provides, which include loading and offloading containers from ships. Transnet, whose ports, railways and pipelines are critical infrastructure, is crucial to the functioning of South Africa's economy, declared force majeure on the same day [...]

By | 3rd August, 2021|4IR, Cybersecurity, Data Protection, Information Security, IT Law, Technology Law|

The “Schrems II” case and what it means for South Africa

On the 16th of July 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-U.S. Privacy Shield. he EU–US Privacy Shield was a framework regulating exchanges of personal data for commercial purposes between the the European Economic Area ("EEA") and the United States. The CJEU further decided that the standard contractual clauses (“SCC”) adopted by the European Union Commission [...]

POPIA is vital for 4IR law

The fourth industrial revolution (“4IR”) is causing significant changes to the way we live, interact and do business. This is the future of technology, where objects, machines and various other devices connect with each other in a secure, networked environment. 4IR is being driven by intelligent machines that can perform complex tasks automatically by communicating with other machines, with little [...]

ICLG – DATA PROTECTION 2020 IS NOW LIVE – SOUTH AFRICA CHAPTER BY PPM ATTORNEYS

Here's a link to a very useful guide on South Africa's Protection of Personal Information Act, prepared by Delphine Daversin and Melody Musoni as part of the International Comparative Legal Guide (ICLG) - Data protection law and Regulations 2020. This guide, published by Global Legal Guide (GLG) is available on line for 39 jurisdictions. It also includes expert analysis chapters [...]

COVID-19: The importance working paperlessly in law firms

The spread of COVID-19 has negatively influenced the output of work at a global level. It has affected nearly every sector and has ultimately halted cross border trade. As the coronavirus unfolds across countries, many firms have adopted a policy which allows their employees to work remotely. However, considering the number of law firms that are wholly reliant on paper [...]