The pandemic has driven home the high value of personal data to the global economy, while also highlighting its vulnerability to abuse and attack.
In response, governments around the world have been reviewing their data privacy and protection laws and regulations, including in South Africa and Ghana.
Global cybersecurity firm Kaspersky recently noted that cyberattacks are set to rise in African countries, especially in the key financial centres of South Africa, Kenya and Nigeria.
The cybersecurity firm noted that rapidly evolving digital techniques had led to an increased risk of Advanced Persistent Threats and hacking-for-hire events in Africa.
South Africa
In South Africa, the Cybercrimes and Cybersecurity Act was signed into law by South African President Cyril Ramaphosa in early June 2021, bringing the country’s cybersecurity legislation in line with global standards.
In South Africa, the Cybercrimes and Cybersecurity Act was signed into law by South African President Cyril Ramaphosa in early June 2021, bringing the country’s cybersecurity legislation in line with global standards.
In South Africa, the Cybercrimes and Cybersecurity Act was signed into law by South African President Cyril Ramaphosa in early June 2021, bringing the country’s cybersecurity legislation in line with global standards.
The Act compels electronic communications service providers and financial institutions to act when they become aware that their computer systems have been involved in a cybersecurity breach, as defined by Act.
They must report such offences to the South African Police Service within 72 hours of becoming aware of the offence, and preserve any information which may be of assistance in the investigation. Non-compliance with this provision is a criminal offence and massive fines can be imposed.
They must report such offences to the South African Police Service within 72 hours of becoming aware of the offence, and preserve any information which may be of assistance in the investigation. Non-compliance with this provision is a criminal offence and massive fines can be imposed.
They must report such offences to the South African Police Service within 72 hours of becoming aware of the offence, and preserve any information which may be of assistance in the investigation. Non-compliance with this provision is a criminal offence and massive fines can be imposed.
POPIA
In South Africa, data security is also governed by the Protection of Personal Information Act.
On 1 July 2021, the substantive implementation of key provisions of POPIA will become enforceable. This legislation, among other things, promotes the protection of personal information processed by public and private bodies, outlines the rights of data subjects, regulates the cross-border flow of personal information, introduces mandatory obligations to report and notify data breach incidents, and imposes statutory penalties for violations of the law.
One of the conditions for lawful processing in terms of POPIA is the use of security safeguards, which prescribes that the integrity and confidentiality of personal information must be secured by a person in control of that information.
An organisation that is involved in a data breach situation may also be subject to an administrative fine, penalty or sanction, or civil actions and/or class actions.
Ghana
In 2020, Ghana similarly passed its Cybersecurity Act 2020, to oversee the country’s response to the prevention and management of cybersecurity incidents.
The Act establishes the Cyber Security Authority and provides for the protection of the critical information infrastructure of the country. The Act also regulates cybersecurity activities, oversees the protection of children on the internet and seeks to develop Ghana’s cybersecurity ecosystem.
Cybersecurity and Personal Data Legislation
Legislation governing the digital economy is essential to protect African citizens in terms of both their digital privacy rights and cybersecurity threats, while at the same time also ensuring that their online freedoms are not threatened.
To facilitate this process, consultations with stakeholders in government, businesses (local and international) and organisations representing wider society, would ensure a balanced approach during the drafting of these laws.
Considering the current rapid move to digitally-focused business models, the implementation of these legal protections and guidance has become urgent for all African countries.
Click here to view original web page at www.itnewsafrica.com
