The Information Regulator (InfoReg) has established an online portal for reporting data breaches.
As part of moving away from reporting via e-mail, the data privacy enforcer set up a new Security Compromises Reporting functionality on its eServices portal that went live on 1 April.
It has urged public and private bodies to report data breaches via the online system.
“This is part of the regulator’s ongoing effort to streamline the reporting process and improve the monitoring of security incidents affecting personal information,” it says in a statement.
“The Security Compromises Reporting functionality will be accessible through the eServices portal, which can be found on the regulator's website, or directly at https://eservices.inforegulator.org.za/compromises/default.aspx.”
South Africa continues to face an alarming rate of data security compromises, with the regulator receiving thousands of complaints from the public.
IBM’s 2024 Cost of a Data Breach Report showed data breaches in SA now cost R53.10 million per incident, on average. This figure is up from R49.45 million in 2023.
In June 2024, the InfoReg noted that in the 2023 financial year (ended February 2024), the number of security compromises reported by local firms spiked to over 1 700 – more than triple that of the previous year.
The InfoReg is, among other duties, empowered to monitor and enforce compliance by public and private bodies with the provisions of the Protection of Personal Information Act (POPIA).
Under POPIA, organisations must inform the InfoReg if they expose the personal information of data subjects to unauthorised third-parties without their approval.
The Act sets down firm frameworks that companies must abide by to avoid fines, criminal persecution and potential reputation loss. Perpetrators can face fines of up to R10 million or 10 years of imprisonment, depending on the seriousness of the breach.
According to the regulator, security compromise reports are made in terms of section 22(1) of POPIA, where there are reasonable grounds to believe the personal information of a data subject has been accessed or acquired by any unauthorised person, the responsible party must notify the regulator.
For queries related to the reporting process or the requirement for compliance, the public can contact Dirk Aspeling, senior security compromise officer − legal, at DAspeling@inforegulator.org.za. Alternatively, contact Joy Alexander at JAlexander@inforegulator.org.za.
For technical assistance, contact helpdesk@inforegulator.org.za, or call 010 023 5200.
Share