Latest celebrity hacking lesson

The recent release of nude pictures of over 100 celebrities, including Jennifer Lawrence, Kate Upton and Kirsten Dunst, has raised questions over the security of personal information being stored in cloud internet services as hackers claim to have accessed the private accounts of these celebrities. Whilst these claims of a breach are still being investigated, the invasion of privacy highlights the importance for all South African businesses storing personal data of their customers and employees to have cyber liability cover in place, in order to potentially cover the legal costs of rectifying such a situation.

This is according to Candice Sutherland, Cyber Liability Specialist at SHA Specialist Underwriters – the largest liability underwriting management agency (UMA) in Southern Africa – who says that this type of breach could not only attract litigation from the victims but also a hefty fine from the information regulator established in terms of the Protection of Personal Information Act (“POPI”). “All countries have privacy legislation in place similar to the POPI Act and businesses could face a severe fine if the company is found to have not properly secured the private data of its clients or employees.”

She explains that following any type of hacking incident, the costs can rise quickly. “The company will need to investigate whether there was a breach and if so, how it occurred, whether it has been contained, what data was affected and to whom the data belongs. Legal and IT specialist advice is likely to be required as part of the investigation.”

If a breach did occur, the company will have to notify the information regulator of the breach and defend the case by demonstrating what security measures it had in place and what remedial action will be taken, says Sutherland. “Legal advice will be required and there may be time limits on how quickly this needs to be done.”

Following this, the information regulator may decide on specifics regarding the action to be taken, she says. “Affected clients will have to be notified and the company may have to offer them further remediation services.  The regulator may also make a decision regarding the severity of the breach, whether a fine is appropriate and if so, what the cost thereof will be. How these decisions are taken and how severe the penalty is, will depend on the information regulator and the regulations he/she will make under section 112 (2) of POPI.”

The information regulator is the regulating authority that has been created by the POPI Act. The Act gives the regulator extensive powers to investigate and fine responsible parties. Victims of data breaches will be able to complain to the regulator who will be able to take action on behalf of these complainants.  The information regulator will regulate both POPI and The Promotion of Access to Information Act (“PAIA”) and will report to Parliament. Although those sections of POPI that relate to the information regulator have already commenced, the process to establish the information regulator is still underway and no-one has been appointed as yet.

In addition to potential fines from the information regulator, the company may also face legal action taken by affected parties and the possibility of class action suits, she says.

“Whether the company has to prove it is not liable in failing to protect the private data of its customers, or if it is found guilty of ineffective protection of its customers’ private data, the company will always have to pay for notification expenses, crisis management expenses as well as legal costs. As a result, it is imperative for all businesses storing personal data to have effective Cyber Liability cover in place or they could face hefty financial repercussions or, worst case scenario, liquidation,” concludes Sutherland.
