Defending the Breach – security compromises POPIA

  • Section 22 of POPIA imposes a mandatory security compromise notification obligation:

"Where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person, the responsible party must notify..."


Security Compromises – important concepts



Incident Response Planning 101

  • The content of an incident response plan is not mandated, but it should be tailored to meet the needs of and resources available to each organization
  • Key aspects to be included in an incident response plan include:
    • the names and identities of the relevant members of the incident response team;
    • an evaluation of the risks posed to the business;
    • containment measures for any incident;
    • the process for conducting an initial assessment of any incident;
    • the remediation steps that should be implemented; and
    • a clear understanding of notification obligations

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.