The Department of Justice and Constitutional Development (DOJCD) has been fined R5 million by the Information Regulator for failing to comply with an enforcement notice issued in May.
The regulator issued the notice after the department contravened various sections of the Protection of Personal Information Act (POPIA) following its failure to renew anti-virus and IT security solutions licenses.
“The Enforcement Notice had required the DOJCD to submit proof to the regulator within 31 days of receipt of the notice that the Trend Anti-Virus licence, the SIEM [security information and event management] licence and the Intrusion Detection System Licence have been renewed.
“It also required the department to institute disciplinary proceedings against the official/s who failed to renew the licences, which is necessary to safeguard the department against security compromises.
“The regulator indicated that should the DOJCD fail to abide by the Enforcement Notice within the stipulated timeframe, it will be guilty of an offence, in terms of which the regulator may impose an administrative fine in the amount not exceeding R10 million, or liable upon conviction to a fine or to imprisonment of the responsible officials,” the regulator said.
According to the independent body, the deadline for submitting proof that the licences had been renewed was 3 June – a deadline the department missed.
“To date, the department has not provided the regulator with a report on the implementation of the actions required in the enforcement notice or any other communication in that regard. The department had the right to appeal the Enforcement Notice in terms of section 97(1) of POPIA, and they have failed to exercise that right.
“Given this lack of compliance with the enforcement notice, the regulator has made a determination that the department has failed to comply with the Enforcement Notice served to it in terms of POPIA. Accordingly, the regulator has issued an administrative fine of R5 million to the department for failure to comply with the enforcement notice.
“The department has 30 days, from 3 July 2023, to pay the administrative fine or make arrangements with the regulator to pay the administrative fine in instalments or elect to be tried in court on a charge of having committed the alleged offence referred in terms of POPIA,” the regulator said. – SAnews.gov.za