Lege Trend. 8 Elements. Data Breach Notification that outs the hackers.

South Africa recently enacted a new data breach notification law that requires companies to:

• Notification by the company will have to factor in the needs of law enforcement
  • Delay is only permitted if it undermines or impedes an investigation
• Companies are asked to restore the integrity of their information system.
•  Notification itself must be in writing  either via email or regular mail 
• Alternative notification if mail fails, is  prominent position on the website, published in the media; or as directed by the Information Regulator.
• The notification must provide sufficient information to allow the person whose information was compromised to take protective measures against the potential consequences of the compromise.

• Notice must describe measures taken by the company  to address the security breach
• Notice must include recommendation on what measures  the person whose information was compromised should take to mitigate the possible adverse effects of the breach.

• If known to the company, the identity of the unauthorised person who may have accessed or acquired the personal information must also be divulged to the data subject.

Business Tech | SA companies will soon be forced to tell customers of a data breach by law​