Today marks the inaugural Global Encryption Day. This is an initiative by the Global Encryption Coalition (“GEC”). The GEC is composed of the Democracy & Technology, Global Partners Digital, the Internet Society and over 180 organisational members including civil society organisations, business and trade associations, and individual members including technical and cybersecurity experts and academics.
The initiative is an opportunity for businesses, civil society organisations, technologists, and internet users worldwide to show why encryption matters and why people should make the switch to encrypted services and platforms. It is also an opportunity to make governments aware that the use of end-to-end encrypted platforms will aid in keeping citizens’ and government data safe from cyber attacks.
This year South Africa has witnessed a high number of security breaches. According to the Information Regulator (“IR”), in August alone, thirty-eight (38) responsible parties suffered from and reported security breaches. One of the most significant security breaches was the cyber attack on Transnet, which occurred on 22 July 2021. According to Transnet , this attack disrupted normal processes and damaged equipment and information.
Another significant one is the ransomware attack on the Department of Justice and Constitutional Development (DoJ) information technology systems which occurred on 6 September 2021. This ransomware attack affected all electronic services provided by the DoJ including the DoJ’s website.
Although it is not a silver bullet, end-to-end encryption could be an effective tool for cybersecurity. It can, inter alia, enable law enforcement to tackle organised crime, protect critical information and play a critical role in national security and protecting people’s privacy.
Section 19 of the Protection of Personal Information Act, 4 of 2013 (POPIA) provides that responsible parties must put in place appropriate and reasonable technical and administrative measures to protect personal data. Encryption is one such measure which can be implemented to protect personal data. Businesses should consider the type of encryption tools to apply when dealing with personal data.