POPIA is gradually making its way to South African courts
The South African regulatory environment is becoming increasingly complex due to developing cyber and data privacy laws as well as established healthcare-related laws and regulations. We explore the impact of data privacy and cyber related risks on healthcare affiliated organisations in the South African landscape and what steps should be taken to mitigate these risks.
Healthcare institutions are increasingly becoming the targets of cyber-criminal activities. This is largely due to the fact that healthcare institutions are the custodians of inherently sensitive information, which is defined as “special personal information” under the Protection of Personal Information Act, 4 of 2013 (“POPIA”), which often requires a higher standard of care when being processed.
The Information Regulator (South Africa) is starting to take an active role in ensuring POPIA compliance, especially in the recent security compromised notifications set out in section 22 of POPIA.
Some of the pertinent insights to consider:
Should you require guidance on South Africa’s legislative landscape relating to data privacy, cyber law, healthcare, and how best to prepare and defend against these emerging risks, please reach out to the key contacts below.