Justice department takes Info Regulator to court over R5million fine TechCentral

pThe department of justice constitutional development is taking the Information Regulator to court to fight a R5million fine the regulator imposed on it over a 2021 cyberattackppThe fine against the department was the first administrative penalty imposed by the Information Regulator since its establishment and the court case could serve to set an important precedent in the way information security breaches are regulated in South AfricappThe court application was issued on 29 September and was delivered to the sheriff on 2 October for purposes of serving it on the Information Regulator The return of service a response is currently awaited said justice department spokesman Steven MahlanguppA ransomware attack on 6 September 2021 crippled the departments information systems Bloomberg News reported at the time leaving them encrypted and unavailable All departmental electronic services including the issuing of letters of authority bail services email and the website were affected by the incidentppFollowing the attack the Information Regulator launched an owninitiative assessment through which it found that the department had failed to put in place adequate technical measures to detect unusual activity in its network and prevent unauthorised access to it systems This was due in part to a failure by the justice department to renew the software licences of three product areas security incident and event monitoring SIEM intrusion detection system IDS and antivirus All three licenses had expired in 2020ppThe regulator also criticised the justice departments failure to perform an IT risk assessment on its network and software systemsppIn May it said The regulator has issued the Department of Justice and Community Development with an enforcement notice in which it orders the department to submit proof to the regulator within 31 days of receipt of the notice that the Trend Micro antivirus licence the SIEM licence and the IDS licence have been renewed It must also institute disciplinary proceedings against the officials who failed to renew the licences which are necessary to safeguard the department against security compromisesppThe department of justice did not respond to the regulators enforcement notice suggesting the remedial actions enforced on it had not been implemented Consequently in June the regulator issued an infringement notice in which it ordered the department to pay a R5million fineppThe 31 days given to the department expired on 9 June 2023 To date the department has not provided the regulator with a report on implementation of the actions required in the enforcement notice or any other communication in that regard said the regulator at the time The department of justice had the right to appeal the enforcement notice in terms of section 971 of Popia and they failed to exercise that right said the regulator referring to the Protection of Personal Information Act also known as PopiappThe justice department however is challenging the legality of the two notices sent to it by the regulator in terms of section 6 of the Promotion of Administrative Justice Act The department further argues that the regulator has misinterpreted and misapplied Popia legislation saying that the regulators flawed process risks setting a precedent that if not challenged the implications for the work of the information Regulator itself and all entities will be negatively impactedppThe Information Regulator did not apply its mind to the application of reasonable time periods in which the orders were to be implemented There is also no proof that personal information was lost damaged unlawfully accessed or processed and subsequently misused to the prejudice of anyone Mahlangu saidppIn an episode of the TechCentral Show published on Friday Information Regulator chair Pansy Tlakula highlighted the fine against the justice department as a sign of its institutional independenceppOur budget doesnt come from the department of justice justice is a conduit The reason is that when we started the justice department helped us establish the regulator However there is a perception out there that we are part of justice The regulator showed that independence by fining an organisation or department that helped it to establish itself  2023 NewsCentral MediappGet the best South African technology news and analysis delivered to your email inbox every morningpp

pp

pp
Type above and press Enter to search Press Esc to cancel p