What is a Data Breach?
On 13 Feb 2020, a media announcement from a major SA bank outlined how it had conducted a security audit on a third-party supplier that provided it with SMS and email marketing, and discovered that your and my client data was exposed due to poor IT security at the supplier.
This was correctly announced as a DATA BREACH.
A data breach occurs if it is reasonable to believe that unauthorised parties may have accessed the data.
POPIA Definition: A breach has occurred when there are reasonable grounds to believe that any unauthorised person has accessed or acquired personal information.
So if an unauthorised party could have obtained access to personal information (PI), you need to alert your impacted customers, and someone (this needs to be clearly defined) needs to contact the Information Regulator. A breach is not always cyber-related: you could leave a folder of papers on a bus or have a cellphone or laptop stolen.
You are also accountable for data breaches that are caused by your suppliers.
So what must you do?
Data breaches are almost inevitable, and how you manage them makes all the difference to the level of impact the breach will have on your business and your customers. POPI compliance helps you minimise the impact on your business and your clients.
You need to plan your response to a data breach to ensure that you and your suppliers respond quickly and efficiently.
You need to be ready to get into the driver’s seat when a breach occurs and know that you are fulfilling the regulatory requirements of the POPI Act.