Abstract
South Africa is amongst a group of fast-developing countries that face many challenges, including the modernisation of government systems by means of information and communication technologies. Government departments are fast moving away from a paper-based system to an electronic system which is used to capture substantial amounts of personal information. Modernisation globally has introduced different technologies that bring with them both the good and the evil. Massive amounts of data are exchanged frequently in cyberspace and, if not managed, cyberspace may become a dangerous place in which threat actors may take advantage of any lacuna that exists to use dark web technologies to infiltrate and explore vulnerabilities in the system. The risk of poor management of cyberspace and non-compliance with data protection legislation could have a negative impact on public trust as well as global cooperation.
The discussion explores the compliance of South African government departments with the provisions of the Protection of Personal Information Act 4 of 2013 (POPIA), which is aimed at the protection of personal information. This Act came into operation in 2021. Over the years many government departments have fallen victim to various forms of cybercrime, such as ransomware attacks, unauthorised access to information and cyber fraud, to name but a few. In accordance with POPIA, the responsible party, in this instance the government department, has a legal duty to secure the personal information of the data subject. It is important that the data subject trusts the government department to protect their information against an intrusion, and therefore cybersecurity measures must be implemented. The discussion investigates whether the South African departments that have fallen victim to a cybersecurity incident complied with the provisions of POPIA. It also explores how government departments can effectively mitigate the threat to personal information by means of cybersecurity governance.