‘…stolen personal information has become
a commodity. The price of the stolen
information increases based on the financial
standing of the individual whose information
has been stolen.’
and the fact that it is estimated that 90% of the data in the world
today has been created within the last 24 months. Much of this data
contains personal information, and carries the risk that this personal
information can be obtained by unauthorised people who can use
[it] to the detriment of the legal owners.’
Incidents that have set international alarm bells ringing included:
• In 2010, a large multinational insurer stated that it had lost
approximately 46 000 records containing customers’ personal
information. It was later divulged that there was a South
African connection as the security breach arose when customer
information sent to a South African subsidiary company for
processing, resulted in the loss of an unencrypted back-up tape
during a routine transfer to a data storage centre. This breach
resulted in the insurer receiving a hefty fine from the UK’s
Financial Services Authority.
• In October 2013, it was reported that Adobe had suffered a
massive security breach which compromised the IDs, passwords,
and credit card information of nearly three million customers.
‘Personal information obtained illegally can be manipulated
resulting in a devastating impact on unsuspecting individuals.
Once in possession of a stolen ID document, criminals can use
the acquired identity to gather or create additional information,
explains Thornton.
‘The growth in use of smartphones and the spread of programmes
such as “Trojans” into these devices has exacerbated the problem of
identity theft. Our online lives have enabled easier illegal collation
of our personal information to take place. Criminals armed with this
information can create debt, make in-store or online card purchases,
and even obtain fraudulent passports without the knowledge of the
person concerned.
‘The bottom line is that stolen personal information has become
a commodity. The price of the stolen information increases based
on the financial standing of the individual whose information has
been stolen.
‘With the increased online availability of stolen personal
information there is also a commensurate increase in identity theft
to enable buyers of such stolen data to fraudulently access the
benefits associated with such stolen information,’ says Thornton.
‘Although South Africa has not yet experienced a spike in hacking
incidents linked to the theft of persona, some industry experts expect
ID theft to surpass traditional theft due to the perceived anonymity
associated with ID theft,’ adds Thornton.
The protection of personal information by entities is therefore set
to play a critical role in the prevention of future ID theft.
In South Africa this concern has been reflected in the Protection
of Personal Information Bill (POPI), which will soon be signed
into law. This Bill seeks to support the right to privacy of personal
information of South African citizens and, also protects personal
information collected and processed by organisations.
The Bill requires a custodian of third party personal information to
have adequate measures to secure the integrity of personal information
from, among other things, theft, loss, damage, unauthorised destruction
and unlawful access or processing of personal information. The Bill
also requires custodians of this information to identify and constantly
update safeguards against identified risks to personal information in
their possession.
The holder of information is also required to ensure that – where
there is reasonable suspicion – that personal information has been
accessed or acquired by an authorised person; the processing
party must notify the regulators and the person whose personal
information may have been subject to unauthorised access.
‘The response to the challenge of identity theft has led directly to
the highlighting of the need for improved security and the legislative
responses of many international governments,’ says Thornton.
‘However, reality dictates that as the world of technology leads
to the further proliferation and distribution of personal information,
further challenges will arise requiring innovative action to prevent
the devastating effect that abuse of data can have on individuals
and entities that are impacted by this illegal activity.’ By Deloitte
Edition 8
Legal Viewpoint.indd 43
BANKER SA
43
2013/12/19 4:21 PM