Personal Information - The raw material of Cybercrime

Posted August 8, 2018
Written by Mark Heyink
Since before 2002 I have been actively involved with attempting to create awareness relating to, among other things, the importance of the protection of our personal information and the necessity to address information security and cybersecurity on the one hand and cybercrime on the other. In making representations on the Electronic Communications and Transactions Bill, prior to its enactment I expressly addressed the issue of cybercrime and the fact that in countries where data protection laws have been established this was seen as one of the primary steps to combatting cybercrime. Readers of my articles will know that I have lamented the negligence of government in its failure to deal with these issues properly. So too have I lamented the fact that unscrupulous business has taken advantage of government’s delinquency, placing financial gain ahead of the constitutional rights of citizens and in the vast majority of cases failing to protect personal information.

The damage that has been caused to our citizens by delays in the development and promulgation of appropriate law and the resultant failure by large processors of information in South Africa to protect clients is well illustrated by the Liberty Life hack. So too is the attitude of so many of our blue chip businesses to the protection of personal information reflected in Liberty Life’s responses to its clients and the public.

In that regard I provide a link to an article authored by me which was published in the Money section of the Business Times on the https://www.businesslive.co.za/bt/money/2018-06-23-liberty-misses-the-point-on-financial-losses-from-e-mail-hack/. While you are invited to read the article, the simple point is that Liberty Life trivialises the fact that vast volumes of clients’ information had been hacked emphasising that there had been “no financial loss”. The point that Liberty avoids is that the compromised information is precisely the information (one can only assume that much of this information could be commercially sensitive) that allows criminals insight into the financial affairs of clients enabling them to perpetrate frauds.

The conclusion is inescapable. Due directly to government’s failure to address the issue of how we need to protect personal information in the 21st century, processors of personal information, particularly some of the larger processors of personal information, have not established the appropriate security measures. The ease with which cybercriminals are able to access personal information enabling them to credibly masquerade as legitimate actors in interactions with citizens, is certainly one of the reasons that South Africa is the second most targeted cybercrime country in the world. What has happened with Liberty is not an isolated incident and many organisations are aware that their clients’ information has been compromised. Unfortunately, many of these organisations, in order to hide their own failings and in view of the fact that until the commencement of PoPIA is proclaimed they feel it is “OK” not to notify their clients of data breaches. This only serves to evidence the lack of ethical governance in the organisations that choose this approach.

As we are all data subjects, when the organisations that employ us are guilty of failing to protect personal information we should be asking "... would I be happy if my information is not processed securely and a compromise is not disclosed to me?"

©Mark Heyink 2018

www.privacyonline.co.za

Subscribe
Unsubscribe  
news
  • 09 October 2018 - 12:11:00
    The 28th September 2018 saw the world celebrate “Right2Know” day. The Information Regulator (Regulator) is to be congratulated on organising a conference to mark the celebration. Several speakers eloquently emphasised the importance of access to information in an open democracy as well as the enforcement of sanctions against those who do not comply with their obligations. The importance of the handing over of the Regulation of the Promotion of Access to Information Act to the Information Regulator was also addressed as the South Human Rights Commission has never enjoyed the enforcement powers granted to the Regulator.

  • 08 August 2018 - 13:41:00
    On the 25th July 2018 as a result of announcements that were made by Facebook relating to its future revenues the market value of Facebook dropped by US$ 148 billion (or R1,95 trillion). This is almost half of South Africa’s total GDP in 2016.

    While there may be several reasons for the decline in Facebook’s revenue which led to the sell-off of shares, one of the three primary factors for the decrease in projected profitability of Facebook is the focus on privacy and security