Secure your WhatsApp account

SCAM ALERT: SECURE YOUR WHATSAPP ACCOUNT

A new scam has recently emerged in which cybercriminals use the well-known number porting tactic, usually associated with the hacking of bank accounts, to hijack your WhatsApp account. The scammer will then use your WhatsApp to message your contacts and ask them for money, pretending to be you. To avoid being the next victim, here is a guide on how to secure your WhatsApp account:

1. Enable the two-step verification feature to secure your WhatsApp account

Yes, it is a bit of admin, but if you don’t activate this feature and your WhatsApp account gets hacked, the hacker can use this function to lock you out of your account. To enable this feature and secure your WhatsApp account, you will be required to choose a 6-digit passcode. When enabled, any attempt to verify your phone number on WhatsApp must be accompanied by the passcode that you created using this feature. We suggest that you also enter your email address to allow WhatsApp to send you a link via email to disable two-step verification in case you ever forget your six-digit passcode – which we know you will probably forget by the time you need to use the passcode again.

2. Enable your security encryption notifications

Why would you want to enable this feature?

Each of your chats has its own security code used to verify that your calls and the messages you send to that chat are end-to-end encrypted. If you click on a contact and scroll down to “Encryption”, you will find this code in the contact info screen, both as a QR code and a 60-digit number. These codes are unique to each chat and can be compared between people in each chat to verify that the messages you send to the chat are end-to-end encrypted.

At times, the security codes used in end-to-end encryption might change. This is likely because you or your contact reinstalled WhatsApp or changed phones. Secure your WhatsApp account by enabling this feature. You will be notified when the security code changes and will be able to catch the cybercriminal before you get scammed.

Already been scammed?

If you have already fallen victim to this scam, you can contact SwiftTechLaw if you require any further advice or assistance. If you are still in control of your number, secure your WhatsApp account before it is too late. For those thinking “nah – it will never happen to me”, let’s hope you don’t have generous friends and family members.

POPIA and GDPR

WALKING THE LINE BETWEEN POPIA AND GDPR

Where did POPIA and GDPR originate? A lesser-known fact is that the European Union is the birthplace of modern information privacy laws. The right to privacy has existed for centuries. However, E.U. countries experienced first-hand how the abuse of personal information can lead to detrimental (sometimes fatal) consequences. This led to the adoption of the European Union Data Protection Directive (EUDPD) in the mid-1990s in an effort to regulate the use of information.

Since then, the digital age has presented major challenges to regulation. Technology enables the transfer of vast amounts of information across borders with many benefits. However, it simultaneously enables the citizens from countries governed by privacy legislation to transfer data outside their borders and bypass restrictions. In response, information privacy laws were amended to prohibit the transfer of personal information to countries with lower standards of legal regulation than their own.

In this context, South Africa promulgated the Protection of Personal Information Act (POPIA). It ensures that South Africa is able to process information and conduct business with European countries for commercial benefit. Conversely, POPIA advances the right to privacy contained in the South African Constitution and imposes harsh sanctions for non-compliance.

In an expanding digital economy, stakeholders within South Africa and the E.U. increasingly process personal information across both jurisdictions. While South Africa and the E.U. both have comprehensive laws in place, there are disparities and similarities between the two. This creates a frequently asked, seldom answered question:

When are South African entities bound by the GDPR and when are European entities bound by POPIA? The answer is not always simple, but a basic understanding can assist.

What POPIA compliant organisations need to know about the GDPR

POPIA extends to the protection of personal information of juristic persons (i.e. legal entities) and not just individuals, making it more extensive and stringent than the GDPR, which only applies to natural persons. South African organisations that engage in business with GDPR-compliant organisations must therefore ensure that these organisations extend their data protection to juristic persons in order to align with POPIA requirements.

POPIA is also more stringent in its requirement that an Information Officer should be appointed for all organisations, while the GDPR only requires the appointment of a Data Protection Officer for certain organisations.

Furthermore, the GDPR has much larger fines than POPIA. The GDPR carries fines of up to €20 million or 4% of the global annual turnover, whichever is higher. The maximum penalties under POPIA are a R10 million fine and/or imprisonment for a period not exceeding 10 years, whereas the GDPR considers the latter to be a matter for member state law. Read more on POPIA requirements here.

What GDPR compliant organisations need to know about POPIA

While the concept of privacy by design is mandated by the GDPR, it is not mentioned in POPIA at all and remains a best practice option or voluntary approach for POPIA compliant organisations.

The GDPR furthermore provides data subjects with the benefits of data portability where data subjects may request that their data be transferred to another controller or service provider. This right is not extended to data subjects under POPIA.

The GDPR also mandates that data protection impact assessments be conducted and that evidence or documentation of such assessments be maintained. Currently there is no corresponding requirement under POPIA.

The best way forward

When it comes to information privacy compliance, there is no one-size-fits-all solution. As a point of departure, if you’re processing personal information (or personal data) regulated by POPIA and GDPR, you must satisfy the requirements of both jurisdictions. The good news is that adapting POPIA or GDPR for dual legal compliance is not onerous or invasive. It does, however, require expertise in both areas to ensure secure data-related commercial transactions.

Contact SwiftTechLaw here to enroll in our Privacy Law Compliance Program for 2020.