IOL reports:
The Department of Justice and Constitutional Development (DoJ&CD) has been ordered to pay a R5 million fine following its failure to comply with an Enforcement Notice after contravening the Protection of Personal Information Act (Popia).
On May 9 the Information Regulator issued an Infringement Notice against the department for contravening various sections of Popia.
This after the DoJ&CD suffered a security compromise on its IT systems in September 2021, leading to the department’s systems being unavailable to its employees and affecting services to the public.
Read more at IOL.
As of today, the 5 million rands is equivalent to USD $266,425.82
In investigating the breach, the Regulator found the department did not have adequate security in place and had failed to renew its Security Incident and Event Monitoring (SIEM) license which would have enabled it to monitor unusual activity on their network and keep a backup of the log files. It was directed to do that and under their law, to also institute disciplinary proceedings against the official/s who failed to renew the licenses.
The Regulator issued the Enforcement Notice following the findings, but the department failed to comply by submitting proof to the Regulator within 31 days that the Trend Anti-Virus licence, the SIEM licence and the Intrusion Detection System licence have been renewed.
So the Regulator hit the department with a monetary penalty and things are only going to get worse for the department if they’d don’t appeal or pay timely.
It wasn’t clear from the reporting whether any officials were disciplined for failing to renew licenses.