With the scale and impact of the hack, it will be interesting to see if and how South Africa’s Information Regulator will try and mitigate the impact.
The Information Regulator can issue compliance orders to bring about actions to mitigate future risks or to mitigate the current impact. In this case, the possibility of issuing of fines, as reported in the media, will not mitigate the impact; but an order could be made, whereby information campaigns on the breach by TransUnion are mandated by the Information Regulator.
These information campaigns must reach and inform data subjects from all walks of life that the TransUnion breach may cause many fraudulent banking scams to emerge and should instruct data subjects to validate telephonic requests by persons posing as their bankers with the branches of their banking institutions.
We are yet to see civil claims from data subjects for losses caused due to the leak of their personal information. However, if persons are defrauded as a result of the leak, these civil claims should become more prevalent.
Commentary provided by Chanique Rautenbach
Chanique is a Senior Associate with Barnard Incorporated Attorneys
E-mail firstname.lastname@example.org or call Chanique at 072 636 2524