Data loss continues to make headlines around the globe with South Africa being the latest target. A database of more than 60 million South Africans has apparently been leaked online. I have warned that companies must act before it's too late. This could be the biggest breach of the Protection of Personal Information (PoPI) Act ever.
The leaked database apparently contains names and surnames, identity numbers, income, employer details, gender, ethnicity, home ownership as well as contact information. Your name, surname, address and date of birth provide enough information to create another identity.
Once an identity thief has your personal information, they can use it to open bank accounts, apply for credit cards or apply for clothing accounts. Your identity is your most valuable asset. If someone gets hold of your personal information and steals your identity, you can lose money and may find it difficult to get loans, credit cards or a home loan.
Even more concerning is the anxiety and frustration of spending months, even years, regaining one's financial health and restoring your good credit history. If you think you are a victim identity theft, act quickly to ensure you are not liable for any financial losses. Request a copy of your credit record to check for any suspicious credit applications and report any suspicious credit applications to the police.
Data security laws mandate that organisations implement adequate safeguards to ensure the protection of company and personal information. The King IV Code requires that all governing bodies must ensure that their organisations are protecting the privacy of personal information. It requires disclosure of the status of lawful processing of personal information in the annual integrated reports.
In an effort to protect personal information, the PoPI Act has been signed by the President and is now law. It sets conditions for how to lawfully process personal information. These data security laws mandate that organisations implement adequate safeguards to ensure the protection of company and personal information, especially when it comes to the disposition of redundant IT assets.
The PoPI Act will have serious consequences in the near future.
The Act enforces companies to introduce strict measures and guidelines that will safeguard the processing, usage and handling of sensitive information. It places a strict onus on businesses when it comes to handling personal information about their clients, staff and customers.
The Information Regulator has published the regulations for comment and companies will only have one year from the commencement date to comply or face significant consequences. If there is a breach, the financial implications can possibly cripple an organisation. If found guilty, companies will face potential civil claims, fines and reputational damage.
The PoPI Act will have serious consequences in the near future. It won't be long before we start reading about companies that have been fined for non-compliance and this, in turn, will encourage other companies to adopt policies that will ultimately protect them from reputational loss.