Personal Data Security in South Africa’s Financial Services Market: The Protection of Personal Information Act 4 of 2013 and the European Union General Data Protection Regulation Compared

Keywords: Financial services market, cybercrime, financial regulators, data protection, Protection of Personal Information Act 4 of 2013, European Union General Data Protection Regulation

Abstract

The contemporary global financial services market has witnessed a substantial increase in cybercrime which places consumers’ personal data at risk. Rapid increases in cybercrime linked to the financial services market have driven financial market regulators to pass novel laws and regulations aimed at curbing the rate of occurrence of cybercrimes connected to personal data sharing. To that end, banks and/or financial services companies in Europe have swiftly moved to comply with the European Union’s General Data Protection Regulation. Whilst personal data protection regulation is not a new concept in Europe, most African countries (with exception of South Africa) do not have laws and regulations on personal data protection. With the financial services market being extremely vulnerable to cyber risks owing to the digitisation of the financial services sector, it is important to assess the suitability of South Africa’s current regulatory framework concerning the protection of personal data. This article thus examines South Africa’s Protection of Personal Information Act 4 of 2013 with a view to ascertaining its suitability and/or adequacy in protecting personal data in the country’s financial services market. With the global Covid-19 pandemic bringing about concerns related to rapid increases in cyber-attacks in the financial services market owing to the increased sharing of the sensitive personal data of consumers, there is also need to test the POPIA’s conformity with the strict European Union GDPR personal data protection guidelines.

 

GS92.png

References

Bibliography

Literature

Akinbowale OE, Klingehofer, HE and Zerihun MF "Analysis of Cyber-crime Effects on the Banking Sector Using the Balanced Score Card: A Survey of Literature" 2020 JFC 945-958

Alshubiri F, Jamil SA and Elheddad M "The Impact of ICT on Financial Development: Empirical Evidence from the Gulf Cooperation Council Countries" 2019 IJEBM 1-14

Boer M and Vazquez J Cyber Security and Financial Stability: How Cyber- attacks could Materially Impact the

DTTL 2012 DTTL Global Financial Services Industry Security Study Deloitte Touche Tohmatsu Limited 2012 DTTL Global Financial Services Industry Security Study (Deloitte Global Services Limited New York 2012)

Dupont B "The Cyber-resilience of Financial Institutions: Significance and Applicability" 2019 J Cybersecur 1-17

European Union Agency for Fundamental Rights Handbook on European Data Protection Law (Publications Office of the European Union Luxembourg 2018)

Fuster GG The Emergence of Personal Data Protection as a Fundamental Right of the EU (Springer Cham 2014)

Hernandez de Cos P "Financial Technology: The 150-year Revolution" Keynote address delivered at the 22nd Euro Finance Week (19 November 2019 Frankfurt) 1-11

Hoofnagle C "Designing for Consent" 2018 EuCML 162-171

Hoofnagle CJ, Van der Sloot B and ZuiderveenBorgesius F "The European Union General Data Protection Regulation: What it is and What it Means" 2019 ICTL 65-98

Jang-Jaccard J and Nepal S "A Survey of Emerging Threats in Cybersecurity" 2014 JCSS 973-993

Rodotà S "Data Protection as Fundamental Human Right" in Gutwirth S et al (eds) Reinventing Data Protection? (Springer Dordrecht 2009) 77-82

Rücker and Kugler New European General Data Protection Regulation Rücker D and Kugler T New European General Data Protection Regulation: A Practitioner's Guide (Baden-Baden Nomos 2018)

Schwartz PM and Peifer KN "Transatlantic Data Privacy Law" 2017 Geo LJ

-179

Senousy Y, El-Khamisy N and Riad AEM "Recent Trends in Big Data Analytics towards More Enhanced Insurance Business Models" 2018 IJCSIS 39-45

Vasarhelyi MA and Kogan A "Big Data in Accounting: An Overview" 2015

Account Horiz 381-396

Voigt P and Von dem Bussche A The EU General Data Protection Regulation (GDPR): A Practical Guide (Springer Cham 2017)

Yoon S "A Study on the Transformation of Accounting Based on New Technologies: Evidence from Korea" 2020 Sustainability 1-22

Case law

Google Spain SL, Google Inc v Agencia Española de Protección de Datos (AEPD), Mario Costeja González (Case C-131/12) [2014] ECLI:EU:C:2014:317

Legislation

Europe

Charter of Fundamental Rights of the European Union (2012) 2012/C326/02

Convention on Cybercrime (2001)

Directive 95/46/EC (Data Protection Directive) (24 October 1995)

General Data Protection Regulation (EU) 2016/679 (27 April 2016)

Opinion 06/2014 on the Notion of Legitimate Interests of the Data Controller under Article 7 of Directive 95/46/EC (9 April 2014)

South Africa

Constitution of the Republic of South Africa, 1996

Consumer Protection Act 68 of 2008

Electronic Communications and Transactions Act 25 of 2002 Protection of Personal Information Act 4 of 2013 Government publications

Cybercrimes and Cybersecurity Bill [B6-2017]

Proc R21 in GG 43461 of 22 June 2020

Internet sources

Anon 2020 Six Cybersecurity Threats the Financial Services Sector Faces https://www.securitymagazine.com/articles/93534-six-cybersecurity- threats-the-financial-services-sector-faces accessed 3 February 2021

Barnes S 2018 There are Two Types of Companies: Those Who Know They've been Hacked and Those Who Do Not https://dynamicbusiness.com.au/topics/technology/there-are-two-types-of- companies-those-who-know-theyve-been-hacked-those-who-dont.html accessed 2 March 2021

Baur-Yazbeck S, Frickenstein J and Medine D 2019 Cyber Security in Financial Sector Development: Challenges and Potential Solutions for Financial Inclusion https://www.findevgateway.org/sites/default/files/ publications/files/cyber_security_paper_november2019.pdf accessed 22

February 2021

Bernstein D 2018 SA Firms at High Risk from Europe's GDPR https://techcentral.co.za/sa-firms-at-high-risk-from-europes-gdpr/80801/ accessed 2 April 2021

Biallas M and O'Neill F 2020 Artificial Intelligence Innovation in Financial Services https://www.ifc.org/wps/wcm/connect/448601b9-e2bc-4569-8d48- 6527c29165e8/EMCompass-Note-85-AI-Innovation-in-Financial- Services.pdf?MOD=AJPERES&CVID=nfuDUlG accessed 2 March 2021

Borghard 2018 https://carnegieendowment.org/2018/09/24/protecting- financial-institutions-against-cyber-threats-national-security-issue-pub- 77324

Borghard E 2018 Protecting Financial Institutions against Cyber Threats: A National Security Issue https://carnegieendowment.org/2018/09/24/ protecting-financial-institutions-against-cyber-threats-national-security- issue-pub-77324 accessed 16 February 2021

De la Riva 2018 https://www.buguroo.com/en/blog/cybercriminals-in-the- financial-sector-understanding-the-culprits-behind-the-keystrokes

De la Riva P 2018 Cybercriminals in Financial Sector: The Culprits Behind the Keystrokes https://www.buguroo.com/en/blog/cybercriminals-in-the- financial-sector-understanding-the-culprits-behind-the-keystrokes accessed 5 February 2021

European Commission 2020 Data Transfers Outside the EU https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers- outside-eu_en accessed 8 February 2021

European Parliament 2020 The Ethics of Artificial Intelligence: Issues and Initiatives https://www.europarl.europa.eu/RegData/etudes/STUD/2020/634452/EPR S_STU(2020)634452_EN.pdf accessed 12 February 2021

Gartner 2013 Threat Intelligence: What is it, and How can it Protect You from Today's Advanced Cyber-attacks? https://www.gartner.com/ imagesrv/media-products/pdf/webroot/issue1_webroot.pdf accessed 12

February 2021

GlobeNewswire 2020 Global Mobile Payment Technology Market will Reach USD 5,500 Billion by 2026: Facts and Factors https://www.globenewswire.com/news- release/2020/10/26/2114405/0/en/Global-Mobile-Payment-Technology- Market-Will-Reach-USD-5-500-billion-by-2026-Facts-Factors.html accessed 16 February 2021

IBM 2014 https://www.readkong.com/page/ibm-security-services-2014- cyber-security-intelligence-index-6806866

International Business Machines Corporations 2014 IBM Security Services 2014 Cyber Intelligence Index – Analysis of Cyber Attack and Incident Data from IBM's Worldwide Security Operations https://www.readkong. com/page/ibm-security-services-2014-cyber-security-intelligence-index- 6806866 accessed 18 February 2021

International Monetary Fund 2020 Cyber Risk is the New Threat to Financial Stability https://blogs.imf.org/2020/12/07/cyber-risk-is-the-new-threat-to- financial-stability/ accessed 17 February 2021

Intel Team 2013 Not Your Average Cybercriminal: A Look at the Diverse Threats to the Financial Services Industry https://www.cyber disruption.com/?cat=1687 18 February 2021

Kuneva M 2009 Keynote Speech SPEECH/09/156 (Roundtable on Online Data Collection, Targeting and Profiling March 31, 2009) http://europa.eu/rapid/press-release_SPEECH-09-156_en.htm accessed 19 February 2021

Lagazio M, Sherif N and Cushman M 2020 A Multi-level Approach to Understanding the Impact of Cyber-crime on the Financial Sector https://core.ac.uk/download/pdf/20543077.pdf accessed 16 February 2021

Lund J 2021 How Customer Experience Drives Digital Transformation

https://www.superoffice.com/blog/digital-transformation/ accessed 20

February 2021

MacKenzie B 2019 General Data Protection Regulation (GDPR) in Africa: So What? https://www.bakermckenzie.com/en/insight/publications/ 2019/05/general-data-protection-regulation accessed 23 February 2021

Marketwired 2013 Agri Q3 TrustIndex Report: Financial and Health Care Most at Risk for Email-Based Cyberattacks

https://www.yahoo.com/news/agari-q3-trustindex-report-financial- 120000057.html accessed 26 April 2021

Morgan S 2021 Cybercrime to Cost the World $ 10.5 Trillion Annually by 2025 https://cybersecurityventures.com/hackerpocalypse-cybercrime-

report-2016/ accessed 3 February 2021

Muncaster P 2021 Most Financial Services have Suffered COVID-linked- cyber-attacks https://www.infosecurity-magazine.com/news/financial- services-suffered-covid/ accessed 22 February 2021

Norwich University Online 2017 Who are Cyber Criminals? https://online.norwich.edu/academic-programs/resources/who-are-cyber- criminals accessed 5 February 2021

Organisation for Economic Co-operation and Development 2020 Digital Disruption in Banking and its Impact on Competition http://www.oecd.org/daf/competition/digital-disruption-in-financial- markets.htm accessed 21 February 2021

Pan G et al (eds) 2015 Analytics and Cybersecurity: The Shape of Things to Come https://www.cpaaustralia.com.au/~/media/corporate/ allfiles/document/professional-resources/business/analytics-and- cybersecurity.pdf accessed 12 February 2021

PricewaterhouseCoopers 2014 US Cybercrime: Rising Risks, Reduced Readiness: Key Findings from the 2014 US State of Cybercrime Survey https://collabra.email/wp-content/uploads/2015/04/2014-us-state-of- cybercrime.pdf accessed 18 February 2021

PwC 2014 https://www.pwc.com/na/en/assets/pdf/global-state-of- information-security-survey-2014-key-findings-report.pdf

https://www.pwc.com/na/en/assets/pdf/global-state-of-information-security- survey-2014-key-findings-report.pdf accessed 19 February 2021

Rathi S 2020 Cybercrime and the Risks to the Financial System https://internationalsecurityjournal.com/cybercrime-and-the-financial- system/ accessed 3 February 2021

Sobers R 2021 Cybersecurity Issues are Becoming a Day-to-day Struggle for Businesses https://www.varonis.com/blog/cybersecurity-statistics/ accessed 15 February 2021

United Nations Conference on Trade and Development 2018 Harnessing Frontier Technologies for Sustainable Development Innovation and Technology Report 2018 https://unctad.org/system/files/official- document/tir2018_en.pdf accessed 12 February 2021

World Bank Group 2019 Financial Sector’s Cybersecurity: A Regulatory Digest https://pubdocs.worldbank.org/en/208271558450284768/CybersecDigest- 3rd-Edition-May2019.pdf accessed 23 April 2021

World Bank Group 2018 Financial Sector’s Cybersecurity: Regulations and Supervision https://openknowledge.worldbank.org/handle/10986/11866 accessed 23 April 2021

Published
2021-05-21
How to Cite
WarikandwaT. V. (2021). Personal Data Security in South Africa’s Financial Services Market: The Protection of Personal Information Act 4 of 2013 and the European Union General Data Protection Regulation Compared. Potchefstroom Electronic Law Journal, 24, 1 - 32. https://doi.org/10.17159/1727-3781/2021/v24i0a10727
Section
Special Edition: Corporate and Financial Markets 2021