Information Security

Two first decisions on Google Analytics’ data transfers to the US

Following the “Schrems 2” decision from the Court of Justice of the European Union (CJEU) on 16 July 2020 invalidating the privacy shield((The Court of Justice invalidates Decision 2016/1250 on the adequacy of the protection provided by the EU-US Data Protection Shield (europa.eu).)), the European Data Protection Authorities (DPAs) are now taking the first “real world” decisions.   A few [...]

POPIA and Prior Authorisation

On 1 February 2022, section 58 (2) of the Protection of Personal Information Act, 4 of 2013 (POPIA) came into full operation.  This section relates to application for prior authorisation. What is prior authorisation and when should a Responsible Party apply for one? In instances where a Responsible Party is involved in processing certain types of information, they may need [...]

By | 7th March, 2022|Compliance Law, Data Protection, Information Security, POPIA, Privacy Law|

The importance of social media policies in schools

INTRODUCTION Social media refers to forms of electronic communication through which users create online communities to share information, ideas, personal messages, videos and other content.  Since the beginning of the COVID-19 pandemic, social media has proven to be a useful tool through which teachers and learners can communicate.  This enables  them to facilitate learning while adhering to the social distancing [...]

By | 7th March, 2022|Child law, Data Protection, GDPR, Information Security, Social media law|

Privacy implications of wearable technologies – the case of smart glasses

Introduction The Internet of Things (“IoT”) refers to the interconnection via the internet of computing devices embedded in everyday objects, enabling them to send and receive data.  The IoT has become one of the most important emerging technologies.  There are various devices that form part of the IoT, including wearable technologies. As it stands there is no universally agreed upon [...]

By | 27th January, 2022|Compliance Law, Cybersecurity, Data Protection, Information Security, Privacy Law|

How to avoid sanctions under POPIA

With the coming into full operation of the Protection of Personal Information Act, 4 of 2013 (POPIA), we have been receiving questions from clients regarding the implementation of the POPIA sanctions.  We noticed that a lot of people are confused on when POPIA sanctions can be imposed on a business, organisation or individual acting as responsible parties.  For example, if [...]

CHALLENGES TO POPIA COMPLIANCE AND ENFORCEMENT

It has been a few months since the grace period for the coming into full operation of the Protection of Personal Information Act, 4 of 2013 (“POPIA”) lapsed.  The hype and frenzy around POPIA compliance is slowly dying down.  This may be because most organisations have taken the steps to ensure they are POPIA compliant or they are ‘testing the [...]

THIS MEETING IS BEING RECORDED: DO YOU HAVE TO CONSENT TO IT?

The use of video conferencing tools have surged with the COVID-19 pandemic.  When organising virtual meetings, meeting organisers frequently request from attendees their consent to use the recording functionalities as it is convenient to prepare minutes, keep accurate records of the meetings and easier to share with colleagues who might not have been able to attend the meetings.  There is [...]

Cyber attacks and reporting obligations under POPIA

The month of October, known as the Cybersecurity Awareness Month, comes at a time when South Africa is reeling from the effects of a plethora of security breaches and cyber attacks that have plagued the country since the beginning of 2021.  The most recent security breaches and cyber attacks targeted Transnet and the Department of Justice and Constitutional Development.  Section [...]

NEW EU SCC’s: IMPACT ON SOUTH AFRICAN BUSINESS

On 4 June 2021, the European Commission adopted two new sets of Standard Contractual Clauses (“2021 SCCs”). The 2021 SCC’s will replace the old SCC’s adopted in 2010.  The adoption of new SCC’s is to reflect the changes to European Union (“EU”) data privacy law, under the General Data Protection Regulation 2016/679 ("GDPR") and the Schrems II decision((Case C-311/18 Data Protection Commissioner [...]

South Africa’s ports, pipelines and hospital networks are critical infrastructure: protecting them from cyberattacks is non-negotiable

Maersk and Transnet cyberattack parallels On 27 June 2017, shipping company – Maersk – faced its biggest crisis.  NotPetya, a type of ransomware, had spread through its global computer network in 7 minutes[1], destroying 49,000 of its laptop computers.[2]  17 of its terminals across the globe were hacked. The NotPetya attack was so rapid, that at the Maersk terminal in [...]

By | 4th August, 2021|4IR, Cybersecurity, Information Security, Technology Law|