Defending the Breach – security compromises POPIA
- Section 22 of POPIA imposes a mandatory security compromise notification obligation:
"Where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person, the responsible party must notify..."
Security Compromises – important concepts
Incident Response Planning 101
- The content of an incident response plan is not mandated, but it should be tailored to each organization's needs and available resources.
- Key aspects to be included in an incident response plan:
  - the names and identities of the relevant members of the incident response team;
  - an evaluation of the risks posed to the business;
  - containment measures for any incident;
  - the process for conducting an initial assessment of any incident;
  - the remediation steps that should be implemented; and
  - a clear understanding of notification obligations.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.