IconAppraisers and Valuers
IconAssociations and Institutes
IconBBBEE Consulting and Verification Agencies
IconConsumer Protection
IconCorporate Governance
IconCredit Bureaus
IconDefensive Driver Training
IconEmergency Medical Rescue
IconForensic Investigation Services
IconInsurance Brokers - Alphabetical Listing
IconInsurance Brokers by Type of Product or Service Needed
IconInsurance Companies
IconInsurance Consultants
IconLightning Damage & Surge Protection Specialists
IconOnline Quotes and Cover
IconPremium Financing
IconPublic Loss Adjustors
IconRating Agencies
IconRegulatory Authorities
IconRisk Finance
IconRisk Management
IconRisk Surveyors
IconSalvage Operators
IconTelephone Quotes
IconVehicle Accident Management
IconVehicle and Household Risk Inspection Services
IconVehicle Tracking
IconWellness Programs
  Subscribe To »

Petya or NotPetya – under POPI you must report







By Kerri Crawford (SA) and Rakhee Bhikha
Norton Rose Fulbright South Africa Inc.

Barely recovering from the WannaCry ransomware attack, many across the globe now have to deal with the latest ransomware attack, NotPetya. Originally thought of to be the Petya ransomware for making money, security analysts quickly realised that the current cyber-attack was not designed to make money. It appears that NotPetya has actually just been designed to cause maximum damage, while disguising itself as ransomware.

You know you’ve been affected by NotPetya if you receive a message that your files have been encrypted with a demand to pay US$300 in Bitcoin. Unlike with WannaCry there is no ‘kill-switch’ with NotPetya. A ‘kill-switch’ enables tech-wizards to infiltrate the malware and stop it from encrypting data or causing damage.

The NotPetya ransomware has affected large organisations all over Europe and the US, with the Ukraine to have been hardest hit by it. See this timeline for some high-profile attacks and how NotPetya has unravelled.

In South Africa, there is currently no legal obligation on companies to notify anyone, either a local authority or customers of the company. Barring any confidentiality or similar contractual obligation that companies may have to customers, companies do not have to publicise their breach. However, once the Protection of Personal Information Act 2013 (POPI) commences there will be an obligation on organisations to report data breaches to the information regulator and customers; and once the Cybercrimes and Cybersecurity Bill is enacted there will be new offences created that will make cyber-attacks and breaches illegal in South Africa.

South African companies with affiliates or headquarters in other jurisdictions may currently have notification obligations in terms of those foreign laws, so bear this in mind if you have been affected by NotPetya and have operations overseas.

Companies may also notify people potentially affected by a data breach as a policy decision or good practice, although proper legal and public relations advice should be taken before doing so.

Source: Norton Rose Fulbright South Africa Inc.
« Back to previous page Print this page » |

Breaking News »

Pollution liability risk on the rise for SA businesses, directors and employees

Pollution liability is becoming an increasingly intricate issue in South Africa and businesses, as well as the relevant directors and employees in their personal capacity, are facing an increased risk of being ...
Read More »


Iemas members to receive R109 million in member benefits

              Johan Nel, Chief Executive Officer Iemas Financial Services (Co-operative) Ltd.               With ...
Read More »


China and Zambia: Friendship Turned Sour

By Coface, the international trade credit insurer Zambia’s export dependency on China doubled over the past decade, beginning in 1998, after China Nonferrous Metal Mining Group (CNMC), a Chinese state-owned ...
Read More »


The risk of owning an incorrectly numbered sectional title unit

By Junaid Nabbie, Senior Associate Norton Rose Fulbright South Afriva Inc. Prospective buyers of sectional title units should not only inspect the property for defects, but ensure they are buying the correct property ...
Read More »


More News »


Healthcare »


Investment »


Life »


Retirement »

Advertise Here

From The Glossary »



In terms of the Basic Conditions of Employment Act, 1997, an employee means: any person, excluding an independent contractor, that works for another person or for the State. any other person that in any manner assists in carrying on or conducting the business of an employer.
More Definitions »

By using this website you agree to the Terms of Use.
Copyright © Stoker Risk & ICT (Pty) Ltd 2004 - 2017.
All Rights Reserved.





Contact IG


Media Pack


RSS Feeds