printer friendly version

From the editor's desk: Waiting for PoPI

A while ago we heard of yet another cyber breach, this time from Experian. If you read the Hi-Tech Security Solutions’ article online (www.securitysa.com/11231r), you wouldn’t have been too perturbed as the company claimed to have it under control.

Nothing to see here, move along ( https://www.youtube.com/watch?v=5NNOrp_83RU, or you can use the short URL www.securitysa.com/*move). More recently we heard that personal information of millions www.securitysa.com/*move of South Africans has been found online from the Experian breach.

So the question is whether the company knew how bad the breach was and covered it up hoping nobody would notice, or were they simply unaware of the extent of the breach? Either option is unacceptable. Given the business of Experian, it holds data that is extremely personal and can be used for identity theft.

What identity theft means in the real world is that whoever has your details – including your ID number – can open an account in your name, take out a loan, get married and so on, all in your name. They also have brilliant information to use to send you an email that looks like it comes from your bank, or to call you and claim they are your bank, giving you enough personal information to make you believe them since your bank is trustworthy and certainly wouldn’t be sending your personal details to anyone else.

While the individuals at Experian are probably feeling sorry for themselves right now, the real victims of this crime are you and me. We have no recourse against these financial companies and no matter what happens they will blame their customers and make it close to impossible to recover all the losses one may suffer from identity crime.

One fine day in 2021, the PoPI Act will allow the Information Regulator to investigate these types of breaches and impose fines or more. Although we have to wonder if that will ever happen according to the law or only to selected politically convenient targets. Law enforcement in general in South Africa is not a top priority; can we expect cyber law enforcement to be any different?

Unless executives are actually jailed they will simply pay a fine and pass the costs along to the customer – you. You can’t expect these important people to miss out on a bonus. That wouldn’t be fair.

In case you missed the sarcasm above: yes, banks would share your information under the guise of sharing it with third parties.

I apologise, I mean trusted third parties, like Experian.

Andrew Seldon

Editor

Share this article:

Further reading: