Apr 4, 2022

How Should My Business Respond To A Data Breach?

Businesses must be aware of the legal requirements when a data breach takes place so that they can be swift in their response, as failure to comply is considered an offence under the Protection of Personal Information Act.

The first step is to notify the Information Regulator and the Data Subject/s (should their identity be known) of the breach. The notification must be made as soon as reasonably possible after the discovery of the breach, except where, for example, a criminal investigation is pending.

Businesses must ensure that their employees are aware of their obligation to immediately report actual, suspected or potential data breaches to their respective departmental manager or Deputy Information Officer.

The notification to the data subject must be done in writing. It can be sent through various means, including mail, e-mail, placing a notice in a prominent position on the business’s website, publishing it in the news media or as directed by the Regulator. The Act also prescribes specific requirements regarding what the notification should contain.

It is therefore advisable for businesses to implement adequate policies and procedures that govern how employees respond to data breaches.

Should you require more information on POPIA compliance, please do not hesitate to contact the Consumer Protection and POPI department at SEESA.

To find out how SEESA can help your business, visit our website:

https://www.seesa.co.za/

“SMS” the word “SEESA” to 45776 with your query and a professional Legal Advisor will contact you!
