Ushering in a new era of liability

The Equifax saga, where the personal details of nearly 145.5 million US citizens were hacked by cyber criminals, has once again highlighted the growing nature of cyber crime.

To most companies, cyber crime is seen as one of the biggest future risks that they face. However, the future is now. Hot off the heels of the Equifax saga it was reported that the personal details of millions of South Africans were leaked onto the internet.

What does this mean for members of the public and companies affected by the leak? FAnews spoke to Christoff Pienaar, Head of the Technology & Sourcing Department at Cliffe Dekker Hofmeyr, to find out his views on the issue.

Massive leakage

On 17 October on media organisation TechCentral indicated that the personal information of millions of South Africans was leaked online. Details such as property ownership, employment history, income and company directorships were among the sensitive information.

“In the wrong hands, the information could be used to impersonate people and commit identity theft, fraud and card crime. There was reference in a number of media reports to a website where people could find out whether they have been affected by the data breach, but a number of online fraud experts have warned against this and suggested that a person should rather contact a credit bureau to ascertain whether there were any suspicious transactions,” says Pienaar.

He adds that members of the public should keep an eye out for suspicious email communications, card transactions and should be vigilant when someone asks for their data.

On the defensive

Following a breach of this nature, it is only natural that members of the public, and companies, become very defensive when dealing with sensitive data. Members of the public may be reluctant to give it out and companies will become weary about how the information is being handled by the company.

“To protect both themselves and their customers, companies need to safeguard the data collected and held by them. This starts with critically evaluating what data they hold, where they get it from, why they hold it, how they use it and who has access to data. Once this has been established, businesses can then turn to the technical and organisational measures they currently have in place or have to put in place to safeguard such data against unlawful access,” says Pienaar.

These measures include splitting general data and sensitive data. Once this has been done, the data needs to be kept separately so that not all of the information is hacked at once.

Cashing in or checking out?

After hearing this news, and coming to terms with the fact that they may be personally affected by the breach, members of the public may be asking whether they are entitled to any compensation from the companies that they entrusted their sensitive information to.

“Under current South African law the only circumstances under which compensation may be payable is if an individual succeeds with a delictual (an intentional or negligent breach of duty of care that inflicts loss or harm) claim for infringement of privacy against the individual or organization who caused the data breach. Further, a person must be able to prove monetary loss and causality,” concluded Pienaar.

What the Equifax saga and the South African information breach has shown us is that the need for legislation to force companies to get serious about data protection is needed. The Protection of Private Information (POPI) is taking its time to be established, how many more hacks and cyber crimes will be committed during this time? We can ill afford it.

Editor’s Thoughts:
Besides the need for the POPI Act to be finalised post haste, the above cyber breaches shows the value of a cyber liability policy. Perhaps this is another way in which brokers can show their value as risk advisers. Please comment below, interact with us on Twitter at @fanews_online or email me your thoughts [email protected].

Comment on this Post

Name*

Email Address*

Comment*

 

Submit Comment