Protection of Personal Information Act

Remember, after July 1st, to take some consent forms along when attending or hosting a party. You may need them in case you want to introduce Jeffrey to Andy.

Reportedly, there was a recent ransomware attack affecting the flow of operations at the Department of Justice. This is regrettable, but I also suspect that their confidence that the data is still secure may be a bit optimistic. If a malicious bit of code can encrypt their data, surely it can also steal it? What would be interesting to note is whether the incident will be formally reported to the Information Regulator, as the new POPIA would have us do.

On the assumption that the various IT admins (systems, DB, firewall, network security, etc.) knew what they were doing when they set up the information systems, the ransomware would not have been able to create a path to the outside by which to steal any data. It probably got into the organisation through an inopportune click or an infected flash drive or an e-mail attachment.

That said, I’ll readily grant that SA’s state institutions do not generally have anything approaching competent admins and nor do the contractors of whom they make use, so it’s a virtual (!) certainty that data were stolen. By the same argument, it’s equally certain that it will be reported as a “minor breach with no data leaks detected.”


Now a new tidbit of gossip has come to light from a source which I have little reason to doubt. The justice department, like so many others, outsources its IT needs to a third party. Apparently they haven’t been paying the bills as they should have, and now the information spigot was finally shut off. Perhaps this was wrongly interpreted as a ransomware attack. Who knows.

Or not so wrongly … if you know what I mean.