Attempted Security Breach at CIPC 

On February 29, 2024, CIPC issued a notice related to a security breach attempt. This led to unauthorised access to the personal data of clients and CIPC employees stored in the CIPC records. 

Refer : CIPC Notification

Their ICT team, alerted by the robust firewall and data protection mechanisms, quickly responded to the potential cyberattack by shutting down certain systems to prevent further damage. The breach was contained through the prompt actions of the ICT and informational security teams. Soon, the affected systems were restored and fully operational.

Regrettably, it did result in the unauthorised disclosure of some personal details belonging to the CIPC clients and staff. As a result, all businesses are advised to closely monitor their credit card activities and approve only recognised and legitimate transactions. 

Keeping in mind the importance of system reliability and the confidentiality of non-public information, CIPC is actively implementing measures to reduce the impact on its clients and employees. 

The two most important operational concerns for any business are the security and protection of its personal information. To safeguard these details, all South African Companies were mandated to comply with the Protection of Personal Information (POPI) Act or POPIA from July 1, 2021. 

Importance of Third-Party Security Measures 

Even when CIPC has unquestionable security measures in place, there is a risk of data breach when third-party vendors do not place appropriate safety measures. 

Section 21 of the POPI Act mandates that the organisation and third-party operator formalise a written agreement. It will require the operator to implement and uphold the security protocols outlined in the act. Furthermore, it is a legal obligation for the operators to promptly inform the organisation if there is a suspicion that a data subject’s personal information has been accessed or acquired by an unauthorised individual.

POPI Act

The act aims to safeguard the personal information of public and private companies in South Africa. According to the act, personal information is limited not only to natural persons (human beings) but also extends to juristic persons (like companies). It provides clear directives on how to notify both regulators and data subjects in the event of a data breach. 

Companies must follow the act while preparing iXBRL instance documents and filing reports with CIPC. Failing to comply can cause severe consequences for the company. 

However, recently, there was a security compromise as per section 22 of the POPI Act, 4 of 2013. Read on to find the details.

Importance of POPI Act compliance for iXBRL preparation

Why DataTracks? 

DataTracks can be your best bet for CIPC iXBRL filing. The professionals at the company have 18 years of experience in preparing more than 348,000 compliant reports for 23,400+ clients. But the best part? The Cloud-based data management system at DataTracks can save sensitive information from vulnerability as per the POPI Act. So, If your goal is to achieve error-free and secure reports in the iXBRL format, DataTracks is your go-to solution. Our flagship product, DataTracks Rainbow, is a state-of-the-art iXBRL tagging software designed to streamline your reporting process. if you are looking for iXBRL format reports that are both error-free and secure, contact DataTracks today at enquiry@datatracks.co.za or call +27104469061. 

For more updates about the POPI Act and security measures, subscribe to the DataTracks blog @ https://www.datatracks.com/za/cipc/blog/.