IconAppraisers and Valuers
IconAssociations and Institutes
IconBBBEE Consulting and Verification Agencies
IconConsumer Protection
IconCorporate Governance
IconCredit Bureaus
IconDefensive Driver Training
IconEmergency Medical Rescue
IconInsurance Brokers - Alphabetical Listing
IconInsurance Brokers by Type of Product or Service Needed
IconInsurance Companies
IconInsurance Consultants
IconLightning Damage & Surge Protection Specialists
IconOnline Quotes and Cover
IconPremium Financing
IconPublic Loss Adjustors
IconRating Agencies
IconRegulatory Authorities
IconRisk Finance
IconRisk Management
IconRisk Surveyors
IconSalvage Operators
IconTelephone Quotes
IconVehicle Accident Management
IconVehicle and Household Risk Inspection Services
IconVehicle Tracking
IconWellness Programs
  Subscribe To »

Petya or NotPetya – under POPI you must report







By Kerri Crawford (SA) and Rakhee Bhikha
Norton Rose Fulbright South Africa Inc.

Barely recovering from the WannaCry ransomware attack, many across the globe now have to deal with the latest ransomware attack, NotPetya. Originally thought of to be the Petya ransomware for making money, security analysts quickly realised that the current cyber-attack was not designed to make money. It appears that NotPetya has actually just been designed to cause maximum damage, while disguising itself as ransomware.

You know you’ve been affected by NotPetya if you receive a message that your files have been encrypted with a demand to pay US$300 in Bitcoin. Unlike with WannaCry there is no ‘kill-switch’ with NotPetya. A ‘kill-switch’ enables tech-wizards to infiltrate the malware and stop it from encrypting data or causing damage.

The NotPetya ransomware has affected large organisations all over Europe and the US, with the Ukraine to have been hardest hit by it. See this timeline for some high-profile attacks and how NotPetya has unravelled.

In South Africa, there is currently no legal obligation on companies to notify anyone, either a local authority or customers of the company. Barring any confidentiality or similar contractual obligation that companies may have to customers, companies do not have to publicise their breach. However, once the Protection of Personal Information Act 2013 (POPI) commences there will be an obligation on organisations to report data breaches to the information regulator and customers; and once the Cybercrimes and Cybersecurity Bill is enacted there will be new offences created that will make cyber-attacks and breaches illegal in South Africa.

South African companies with affiliates or headquarters in other jurisdictions may currently have notification obligations in terms of those foreign laws, so bear this in mind if you have been affected by NotPetya and have operations overseas.

Companies may also notify people potentially affected by a data breach as a policy decision or good practice, although proper legal and public relations advice should be taken before doing so.

Source: Norton Rose Fulbright South Africa Inc.
« Back to previous page Print this page » |

Breaking News »

Over-exposed - vineyard volatility amid a changing climate

Allianz examines how climate change is impacting the world’s major wine-producing regions and offer best practice tips to mitigate winery production exposures and protection of wine cellars. Climate disruptions ...
Read More »


Venezuela: The Crisis Worsens

By Coface, the international trade credit insurance company   On July 30, Venezuela held elections to vote for the members of the National Constitutional Assembly (ANC) called by President Nicolas Maduro ...
Read More »


Rich South Africans at risk of underinsurance

While the concept of underinsurance is usually associated with low income earners, there are an increasing number of risks faced by wealthier South Africans that they are failing to insure for, resulting in potential ...
Read More »


Maintenance Matters

The importance of maintenance when it comes to home insurance When it comes to insuring your home, there’s no better idiom than ‘a stitch in time saves nine’ to demonstrate why maintenance ...
Read More »


More News »


Healthcare »


Investment »


Life »


Retirement »

Advertise Here

From The Glossary »


Excess Interest:

Interest earned by a life insurance company in excess of that assumed in premium and reserve calculations. Excess interest is usually allocated to policyholders as one component of their bonuses. It is also allocated to those supplementary settlement agreements that are computed on the basis of interest only.
More Definitions »

By using this website you agree to the Terms of Use.
Copyright © Stoker Risk & ICT (Pty) Ltd 2004 - 2017.
All Rights Reserved.





Contact IG


Media Pack


RSS Feeds