Security Compromise is a very scary and threatening situation. Knowing what to do if such an unfortunate event takes place makes it easier and helps to overcome this frightening event.
As soon as your company experience any form of security compromise of sensitive or personal information, whether it is information of your clients, suppliers, or employees, the following needs to be done as soon as possible.
Section 22 of the Protection of Personal Information Act reads that Notifications of security compromises need to be reported to the following;
- The Information Regulator;
- The Data Subject, if they can be identified.
This needs to be done as soon as the responsible party or Information Officer or their deputy becomes aware of the compromise.
This must be done in writing in one of the following manners;
- Mail / registered postage direct to the residential address;
- Last known E-mail Address;
- Placed in a prominent position on your website;
- Published in the media
- Or in any way instructed by the Information Regulator.
It is also important to state what your action plan will consist off, and how the Responsible person will put this into action.
Any failure to comply with Section 22 of the above-mentioned Act can lead to non-compliance, which can lead to further investigations conducted by the Regulator and even impose fines or imprisonment.
The Information Regulator of South Africa has published new, user-friendly guidelines and forms that must be used when reporting any security compromise accrued in a company/place of business and also instructions on how to absorb and deal with the unfortunate event.
Want to know more about dealing with security breaches? Kindly contact your nearest SEESA Consumer Protection and POPI Legal Advisor. Alternatively, leave your contact details on our website, and a SEESA representative will contact you.
About The Author:
Riaan Conrad Conradie is currently a Consumer Protection & POPI Legal Advisor. He joined the SEESA Upington team on the 1st of October 2020. He obtained his LLB degree at the University of the Free State.
Resources: