South Africa’s Information Regulator fines Department of Justice for failing to strengthen cybersecurity after data breach

South Africa’s Department of Justice was fined by the Information Regulator for failing to strengthen its cybersecurity software following a data breach.

 Flag, South Africa Flag

The Information Regulator in South Africa issued its first infringement notice against the Department of Justice and Constitutional Development Department for failing to comply with an enforcement notice requiring it to strengthen its cybersecurity software following a data breach in 2021. The infringement notice, which includes an R5 million fine, was issued after the department failed to renew antivirus licenses and implement disciplinary procedures following the data breach.

The Information Regulator is responsible for enforcing the Protection of Personal Information Act (Popia) provisions, signed in 2013. The Information Regulator was formally established in 2016 but began to issue enforcement and infringement notices to organisations in 2018. The Information Regulator can only send an enforcement notice if it can be shown that an organisation hasn’t taken reasonable steps to protect personal information.