SA's legal framework is not keeping pace with advances in technology, and a Bill that was urgent a decade ago has yet to be promulgated, notes an attorney.
Once the Protection of Personal Information Bill, which has been making slow progress through Parliament, comes into law, companies will have to tighten control over personal information and disclose breaches, says Mark Heyink, a partner at Mark Heyink Information Attorneys.
There is no legal framework in place to force companies to disclose when their security systems are being compromised, and local consumers' information is being breached, says Heyink.
Heyink, who was speaking at a recent Lex Informatica conference on cyber law, claims there were four breaches of personal information last year, two of which happened in the private sector. However, he cannot provide details due to client-attorney privilege.
Internationally, there has been a spike in the number of hacking attacks in recent months, many of which involved people's valuable personal information being compromised, notes Heyink. Computers have the ability to “cut and dice” information and the data can be used in many different ways, he adds.
Once the Protection of Personal Information Bill comes into effect, it will bring SA more in line with international standards as it requires disclosure of breaches and tighter control of personal data, says Heyink.
Really urgent?
A decade ago, the Bill was “urgent”, but has yet to see the light of day and has been put on the backburner, Heyink says. He has been told the Bill will become law by the end of the year, but there are no guarantees. “Parliament doesn't understand how important it is.”
South African law is playing “catch-up” with technological advances and there have not been many cases decided under SA's current cyber law framework, says Heyink. There may have been convictions under traditional law, such as for fraud, but very few under frameworks such as the Electronic Communications and Transactions Act, he explains.
Despite the lack of legal enforcement, South Africans do not manage their personal information in the same way they look after their personal possessions, argues Heyink. “We know that cyber crime is growing.”
Symantec's research shows that someone's identity somewhere in the world is stolen every three seconds, says Heyink. More than 500 million personal records have been compromised in the US over the past six-and-a-half years alone, he adds.
Share