Are you ready for POPI?

SA’s largest data breach & how you can protect your data

It turns out SA’s largest recorded data breach was traced to a Web server registered to a real estate company based in Pretoria, Jigsaw Holdings. It is a holding company for several real estate franchises including Realty1, ERA and Aida. Apparently, this website had exceptionally lax security and contained a database of 75 million records, including the records of 60 million SA citizens.

It seems that hacking wasn’t required to get access to these records as the information was easily accessible on an open Web server. The same credentials were used everywhere and allowed full administrator access across all the databases on the server. All personal data was contained in a single database in clear text. It indicates an overall lack of even the most basic security awareness.

Jigsaw Holdings missed the mark on so many levels: information governance and security were never considered.

How to prevent a data breach in your business

What are the basic things you should know in your business?

  1. Know what information you have.
  2. Know where you keep it.
  3. Know who has access to it.

Once you have answers to these questions, you can start planning the best way to protect your data.

Here are some really useful free resources you can start using today

  1. Start identifying risks and implementing the small changes you can make immediately. Download our top data security tips for small businesses for free. It will give you an action plan that you can implement immediately!
  2. If you have had a data breach, don’t panic. We’ve assembled a to-do list that you can use to make sure you handle the situation like a pro. Here’s what you need to do. 
  3. If you haven’t had a breach – be proactive. Get in touch with us today, and we’ll get you started on a risk assessment. We will give you a free hour-long consultation.
  4. If you’d like more useful, usable info about protecting personal information and the Protection of Personal Information Act, sign up for our monthly newsletter. Of course it comes with a no-spam guarantee!

Sources:


https://www.timeslive.co.za/news/sci-tech/2017-10-20-hawks-to-probe-massive—-data-leak/

This article was reposted with the permission of Novation Consulting.

Competition Law

Competition Commission releases Draft Guidelines on Information Exchange between Competitors

Information is integral to making informed decisions. When conducting business, obtaining information on the market in which one competes is important to the success of a well-functioning firm. However, when competitors share information, a line can be crossed, so caution is required because of the risk of anti-competitive outcomes.

In line with the approach followed by other international jurisdictions, the Competition Commission has recently released draft Guidelines for comment relating to information sharing between competitors.

Financial Intelligence for your Business

The Financial Intelligence Centre Amendment Act, 1 of 2017 (“the Amendment Act”) was signed into law by the President and published on 2 May 2017. Some of its provisions came into effect on 13 June 2017 while the majority of the remaining provisions will come into effect on 2 October 2017.

Why was it necessary to amend the Financial Intelligence Centre Act (“FICA”)?

South Africa is a member of the Financial Action Task Force (“FATF”), an international body that develops and promotes measures to combat money laundering, terrorist financing and other threats to the integrity of the international financial system.

Compliance Online selected as a National Gazelle

We are proud to announce that Compliance Online has been selected as a member of the leading SME development programme, The National Gazelles, for 2017.

The National Gazelles is a flagship programme of the Small Enterprise Development Agency (Seda) and the Department of Small Business Development.  The programme supports the development of a new generation of successful businesses.

Compliance Online was selected after a rigorous four-stage process to participate in this programme, which identifies enterprises countrywide that demonstrate a proven success record combined with further growth potential.

Act competitively: A Practical Guide to the South African Competition Act

Economic uncertainty appears to be the order of the day, especially on home soil, and the contest between businesses to gain market share remains challenging. We are all impacted in some way or another by this race for economic power and prosperity.

How then is it possible to strive towards a free market where businesses have equal opportunities, economic efficiency is achieved, consumers are protected and ultimately economic growth is stimulated?

The answer, in short, is a robust competition policy, which is underpinned at its foundation by sound economic policies.

Follow-on damages – the new kid on the block for competition law non-compliance?

Until recently, the pecuniary risks of non-compliance with the Competition Act at a firm level involved a fine of up to 10% of a firm’s turnover, and for those guilty of cartel conduct, the risk of criminal sanctions that can take the form of fines or imprisonment.


Compliance Online directors launch the much-awaited 2nd edition of “A Practical Guide to the South African Competition Act”

The prestigious event marking the launch of the second edition of the book, A Practical Guide to the South African Competition Act, was held at the offices of the law firm Webber Wentzel on the evening of 5 April 2017.

The keynote speaker of the evening was the honourable Judge President Dennis Davis and he held the distinguished audience captive with his presentation on “The rapid evolution of competition law in South Africa – navigating the precarious road ahead”.

The guests of honour included the editorial team and authors, Minette Smit (née Neuhoff), Marylla Govender, Martin Versfeld and Daryl Dingley. Minette and Marylla are both directors of Compliance Online and their in-depth knowledge of the competition legislation in South Africa has contributed to the success of the online training solutions they offer to private and public entities on this subject.

Read more about why this book will be appreciated by business people, legal practitioners, economists and academics alike in the article below.

“A Practical Guide to the South African Competition Act” is available from the Lexis Nexis online store.

Processing child information: it doesn’t get more personal than that…

Before we talk about the challenges of processing the personal information of minors, let’s take a step back.

It feels like POPI has been in this kind of legislative limbo for years. Oh wait, it has been years. There seems to be some movement lately. Since Adv Pansy Tlakula and the other members of the Regulator were appointed last year, they have had their inaugural meeting. Despite a lot of speculation, there has been no indication of when the Act will become effective. But we will be watching…


You have a data breach…now what?

Data breaches are almost inevitable. So, in addition to working towards preventing data breaches, you should be asking yourself whether your business is ready to respond quickly and effectively when the pawpaw (or POPIA) strikes the fan.

When you look at data breaches around the world, businesses often get into hot water for not being prepared to deal with data breaches. Your response must be swift, it must give the affected people the tools to protect themselves, must not open you up to liability (the legal stuff like fines and civil actions) and you must manage the PR fallout. The harm to your reputation is the biggest risk when a breach happens.


Policies and Procedures: what is the difference?

Well-defined Policies and Procedures can help your business to grow because they enhance your employees’ ability to deliver consistent, high caliber service without dramatically increasing the burden of employee management responsibilities on you.

Despite this generally accepted truth, it is surprising how many companies do not have Policies and Procedures in place that are easy to read and allow employees to clearly understand their roles and responsibilities. Compliance policy documents in particular are usually full of legal jargon that makes them difficult to read – or just plain boring. They are there to “tick the box”. Hardly anyone reads them.
