Personal Data Security in South Africa’s Financial Services Market: The Protection of Personal Information Act 4 of 2013 and the European Union General Data Protection Regulation Compared
DOI:
https://doi.org/10.17159/1727-3781/2021/v24i0a10727Keywords:
Financial services market, cybercrime, financial regulators, data protection, Protection of Personal Information Act 4 of 2013, European Union General Data Protection RegulationAbstract
The contemporary global financial services market has witnessed a substantial increase in cybercrime which places consumers’ personal data at risk. Rapid increases in cybercrime linked to the financial services market have driven financial market regulators to pass novel laws and regulations aimed at curbing the rate of occurrence of cybercrimes connected to personal data sharing. To that end, banks and/or financial services companies in Europe have swiftly moved to comply with the European Union’s General Data Protection Regulation. Whilst personal data protection regulation is not a new concept in Europe, most African countries (with exception of South Africa) do not have laws and regulations on personal data protection. With the financial services market being extremely vulnerable to cyber risks owing to the digitisation of the financial services sector, it is important to assess the suitability of South Africa’s current regulatory framework concerning the protection of personal data. This article thus examines South Africa’s Protection of Personal Information Act 4 of 2013 with a view to ascertaining its suitability and/or adequacy in protecting personal data in the country’s financial services market. With the global Covid-19 pandemic bringing about concerns related to rapid increases in cyber-attacks in the financial services market owing to the increased sharing of the sensitive personal data of consumers, there is also need to test the POPIA’s conformity with the strict European Union GDPR personal data protection guidelines.
Downloads
References
Bibliography
Literature
Akinbowale OE, Klingehofer, HE and Zerihun MF "Analysis of Cyber-crime Effects on the Banking Sector Using the Balanced Score Card: A Survey of Literature" 2020 JFC 945-958
Alshubiri F, Jamil SA and Elheddad M "The Impact of ICT on Financial Development: Empirical Evidence from the Gulf Cooperation Council Countries" 2019 IJEBM 1-14
Boer M and Vazquez J Cyber Security and Financial Stability: How Cyber- attacks could Materially Impact the
DTTL 2012 DTTL Global Financial Services Industry Security Study Deloitte Touche Tohmatsu Limited 2012 DTTL Global Financial Services Industry Security Study (Deloitte Global Services Limited New York 2012)
Dupont B "The Cyber-resilience of Financial Institutions: Significance and Applicability" 2019 J Cybersecur 1-17
European Union Agency for Fundamental Rights Handbook on European Data Protection Law (Publications Office of the European Union Luxembourg 2018)
Fuster GG The Emergence of Personal Data Protection as a Fundamental Right of the EU (Springer Cham 2014)
Hernandez de Cos P "Financial Technology: The 150-year Revolution" Keynote address delivered at the 22nd Euro Finance Week (19 November 2019 Frankfurt) 1-11
Hoofnagle C "Designing for Consent" 2018 EuCML 162-171
Hoofnagle CJ, Van der Sloot B and ZuiderveenBorgesius F "The European Union General Data Protection Regulation: What it is and What it Means" 2019 ICTL 65-98
Jang-Jaccard J and Nepal S "A Survey of Emerging Threats in Cybersecurity" 2014 JCSS 973-993
Rodotà S "Data Protection as Fundamental Human Right" in Gutwirth S et al (eds) Reinventing Data Protection? (Springer Dordrecht 2009) 77-82
Rücker and Kugler New European General Data Protection Regulation Rücker D and Kugler T New European General Data Protection Regulation: A Practitioner's Guide (Baden-Baden Nomos 2018)
Schwartz PM and Peifer KN "Transatlantic Data Privacy Law" 2017 Geo LJ
-179
Senousy Y, El-Khamisy N and Riad AEM "Recent Trends in Big Data Analytics towards More Enhanced Insurance Business Models" 2018 IJCSIS 39-45
Vasarhelyi MA and Kogan A "Big Data in Accounting: An Overview" 2015
Account Horiz 381-396
Voigt P and Von dem Bussche A The EU General Data Protection Regulation (GDPR): A Practical Guide (Springer Cham 2017)
Yoon S "A Study on the Transformation of Accounting Based on New Technologies: Evidence from Korea" 2020 Sustainability 1-22
Case law
Google Spain SL, Google Inc v Agencia Española de Protección de Datos (AEPD), Mario Costeja González (Case C-131/12) [2014] ECLI:EU:C:2014:317
Legislation
Europe
Charter of Fundamental Rights of the European Union (2012) 2012/C326/02
Convention on Cybercrime (2001)
Directive 95/46/EC (Data Protection Directive) (24 October 1995)
General Data Protection Regulation (EU) 2016/679 (27 April 2016)
Opinion 06/2014 on the Notion of Legitimate Interests of the Data Controller under Article 7 of Directive 95/46/EC (9 April 2014)
South Africa
Constitution of the Republic of South Africa, 1996
Consumer Protection Act 68 of 2008
Electronic Communications and Transactions Act 25 of 2002 Protection of Personal Information Act 4 of 2013 Government publications
Cybercrimes and Cybersecurity Bill [B6-2017]
Proc R21 in GG 43461 of 22 June 2020
Internet sources
Anon 2020 Six Cybersecurity Threats the Financial Services Sector Faces https://www.securitymagazine.com/articles/93534-six-cybersecurity- threats-the-financial-services-sector-faces accessed 3 February 2021
Barnes S 2018 There are Two Types of Companies: Those Who Know They've been Hacked and Those Who Do Not https://dynamicbusiness.com.au/topics/technology/there-are-two-types-of- companies-those-who-know-theyve-been-hacked-those-who-dont.html accessed 2 March 2021
Baur-Yazbeck S, Frickenstein J and Medine D 2019 Cyber Security in Financial Sector Development: Challenges and Potential Solutions for Financial Inclusion https://www.findevgateway.org/sites/default/files/ publications/files/cyber_security_paper_november2019.pdf accessed 22
February 2021
Bernstein D 2018 SA Firms at High Risk from Europe's GDPR https://techcentral.co.za/sa-firms-at-high-risk-from-europes-gdpr/80801/ accessed 2 April 2021
Biallas M and O'Neill F 2020 Artificial Intelligence Innovation in Financial Services https://www.ifc.org/wps/wcm/connect/448601b9-e2bc-4569-8d48- 6527c29165e8/EMCompass-Note-85-AI-Innovation-in-Financial- Services.pdf?MOD=AJPERES&CVID=nfuDUlG accessed 2 March 2021
Borghard 2018 https://carnegieendowment.org/2018/09/24/protecting- financial-institutions-against-cyber-threats-national-security-issue-pub- 77324
Borghard E 2018 Protecting Financial Institutions against Cyber Threats: A National Security Issue https://carnegieendowment.org/2018/09/24/ protecting-financial-institutions-against-cyber-threats-national-security- issue-pub-77324 accessed 16 February 2021
De la Riva 2018 https://www.buguroo.com/en/blog/cybercriminals-in-the- financial-sector-understanding-the-culprits-behind-the-keystrokes
De la Riva P 2018 Cybercriminals in Financial Sector: The Culprits Behind the Keystrokes https://www.buguroo.com/en/blog/cybercriminals-in-the- financial-sector-understanding-the-culprits-behind-the-keystrokes accessed 5 February 2021
European Commission 2020 Data Transfers Outside the EU https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers- outside-eu_en accessed 8 February 2021
European Parliament 2020 The Ethics of Artificial Intelligence: Issues and Initiatives https://www.europarl.europa.eu/RegData/etudes/STUD/2020/634452/EPR S_STU(2020)634452_EN.pdf accessed 12 February 2021
Gartner 2013 Threat Intelligence: What is it, and How can it Protect You from Today's Advanced Cyber-attacks? https://www.gartner.com/ imagesrv/media-products/pdf/webroot/issue1_webroot.pdf accessed 12
February 2021
GlobeNewswire 2020 Global Mobile Payment Technology Market will Reach USD 5,500 Billion by 2026: Facts and Factors https://www.globenewswire.com/news- release/2020/10/26/2114405/0/en/Global-Mobile-Payment-Technology- Market-Will-Reach-USD-5-500-billion-by-2026-Facts-Factors.html accessed 16 February 2021
IBM 2014 https://www.readkong.com/page/ibm-security-services-2014- cyber-security-intelligence-index-6806866
International Business Machines Corporations 2014 IBM Security Services 2014 Cyber Intelligence Index – Analysis of Cyber Attack and Incident Data from IBM's Worldwide Security Operations https://www.readkong. com/page/ibm-security-services-2014-cyber-security-intelligence-index- 6806866 accessed 18 February 2021
International Monetary Fund 2020 Cyber Risk is the New Threat to Financial Stability https://blogs.imf.org/2020/12/07/cyber-risk-is-the-new-threat-to- financial-stability/ accessed 17 February 2021
Intel Team 2013 Not Your Average Cybercriminal: A Look at the Diverse Threats to the Financial Services Industry https://www.cyber disruption.com/?cat=1687 18 February 2021
Kuneva M 2009 Keynote Speech SPEECH/09/156 (Roundtable on Online Data Collection, Targeting and Profiling March 31, 2009) http://europa.eu/rapid/press-release_SPEECH-09-156_en.htm accessed 19 February 2021
Lagazio M, Sherif N and Cushman M 2020 A Multi-level Approach to Understanding the Impact of Cyber-crime on the Financial Sector https://core.ac.uk/download/pdf/20543077.pdf accessed 16 February 2021
Lund J 2021 How Customer Experience Drives Digital Transformation
https://www.superoffice.com/blog/digital-transformation/ accessed 20
February 2021
MacKenzie B 2019 General Data Protection Regulation (GDPR) in Africa: So What? https://www.bakermckenzie.com/en/insight/publications/ 2019/05/general-data-protection-regulation accessed 23 February 2021
Marketwired 2013 Agri Q3 TrustIndex Report: Financial and Health Care Most at Risk for Email-Based Cyberattacks
https://www.yahoo.com/news/agari-q3-trustindex-report-financial- 120000057.html accessed 26 April 2021
Morgan S 2021 Cybercrime to Cost the World $ 10.5 Trillion Annually by 2025 https://cybersecurityventures.com/hackerpocalypse-cybercrime-
report-2016/ accessed 3 February 2021
Muncaster P 2021 Most Financial Services have Suffered COVID-linked- cyber-attacks https://www.infosecurity-magazine.com/news/financial- services-suffered-covid/ accessed 22 February 2021
Norwich University Online 2017 Who are Cyber Criminals? https://online.norwich.edu/academic-programs/resources/who-are-cyber- criminals accessed 5 February 2021
Organisation for Economic Co-operation and Development 2020 Digital Disruption in Banking and its Impact on Competition http://www.oecd.org/daf/competition/digital-disruption-in-financial- markets.htm accessed 21 February 2021
Pan G et al (eds) 2015 Analytics and Cybersecurity: The Shape of Things to Come https://www.cpaaustralia.com.au/~/media/corporate/ allfiles/document/professional-resources/business/analytics-and- cybersecurity.pdf accessed 12 February 2021
PricewaterhouseCoopers 2014 US Cybercrime: Rising Risks, Reduced Readiness: Key Findings from the 2014 US State of Cybercrime Survey https://collabra.email/wp-content/uploads/2015/04/2014-us-state-of- cybercrime.pdf accessed 18 February 2021
PwC 2014 https://www.pwc.com/na/en/assets/pdf/global-state-of- information-security-survey-2014-key-findings-report.pdf
https://www.pwc.com/na/en/assets/pdf/global-state-of-information-security- survey-2014-key-findings-report.pdf accessed 19 February 2021
Rathi S 2020 Cybercrime and the Risks to the Financial System https://internationalsecurityjournal.com/cybercrime-and-the-financial- system/ accessed 3 February 2021
Sobers R 2021 Cybersecurity Issues are Becoming a Day-to-day Struggle for Businesses https://www.varonis.com/blog/cybersecurity-statistics/ accessed 15 February 2021
United Nations Conference on Trade and Development 2018 Harnessing Frontier Technologies for Sustainable Development Innovation and Technology Report 2018 https://unctad.org/system/files/official- document/tir2018_en.pdf accessed 12 February 2021
World Bank Group 2019 Financial Sector’s Cybersecurity: A Regulatory Digest https://pubdocs.worldbank.org/en/208271558450284768/CybersecDigest- 3rd-Edition-May2019.pdf accessed 23 April 2021
World Bank Group 2018 Financial Sector’s Cybersecurity: Regulations and Supervision https://openknowledge.worldbank.org/handle/10986/11866 accessed 23 April 2021
Published
Issue
Section
License