Information security: Ashley Madison legal action mounts…

By now, news of the Ashley Madison hack is widespread. The online dating and social network service seeks to facilitate infidelity by targeting people who are married or in a committed relationship. Its tagline is “Life is short. Have an affair.”
Depending on the source, it has been reported that between 32 and 39 million users’ private information has been compromised; including names, e-mail addresses, credit card information, transaction history, user messages and internal e-mail messages belonging to the Ashley Madison parent company.
The hackers responsible, known as the Impact Team, stated in a recent interview that they will target “any companies that make 100s of millions profiting off pain of others, secrets, and lies. Maybe corrupt politicians…”
The data leak has led to many red-faced CEOs, bankers and government officials; extortion of exposed users appears likely at some point…
While you may feel zero empathy or sympathy for those affected, the take-away point here must be that the internet is insecure (but permanent): to think you are anonymous and that your personal information is safe online is probably foolhardy. As CNN points out, everything is tracked and the internet is inherently insecure, so no company can really guarantee privacy.
Many countries now have comprehensive data protection legislation, great! However, legislation does nothing to protect data before the fact; it only bites once a breach has occurred. Although it will encourage best practice in data security moving forward, many hackers remain a step ahead of the game…
In Canada, the holding companies that own Ashley Madison (the website is based in Canada) have recently been served with a $578 million class action based on the breach of personal information. In the US, a class action seeking $5 million in damages was also recently launched.
In South Africa, the Protection of Personal Information Act (POPI) was recently signed into law – it primarily seeks to prevent the negligent disclosure of personal information. 
That being said, to date POPI is not yet fully operational, but once it is (which is imminent) it will place South Africans in a similar position to the US, Canada, New Zealand, the UK et al in terms of data security legislation.
Some 49 000 affected users are from South Africa according to a useful infographic on mybroadband’s website.  However, even if the Information Regulator created by POPI was established (this is still in progress) the Regulator may not be in a position to impose fines (or other corrective action) on entities that operate outside the borders of South Africa.  Further, a legal action in South Africa’s courts (against Ashley Madison) would probably also fail on the basis of a lack of jurisdiction.
By way of example, the Privacy Commissioner in New Zealand (similar to what South Africa’s Information Regulator will be) lists advice about what to do and who to complain to (for New Zealand citizens affected by the hack) here; but has said it is not sure it can do much more than investigate and doubts whether it has jurisdiction to take the matter further.
Back to South Africa. POPI primarily seeks to prevent the negligent disclosure of personal information. Companies will have a one year grace period to fully comply and will be required to demonstrate compliance with documented policies and procedures; these documents must demonstrate compliance with the eight key principles contained within POPI. The core message of POPI is the reasonable use, storage and dissemination of personal information, and ensuring that information is accurate.
Therefore, even if a data breach occurs in South Africa by virtue of hacking, if a company can show it has taken all reasonable steps (according to current industry best practice) it may well be immune from fines or further action. The key here is that the company takes reasonable steps, not every possible step. Clearly, these steps and internal procedures must be set out in a written (or electronic) document, and all employees must be aware of the policy and how to use (and not use) personal information. The time is therefore now if your company does not yet have a data security (POPI) policy and/or procedure.
Finally, in my view, and based on the limited information available in the media, it appears that Ashley Madison did not take all reasonable precautions, particularly in light of the fact that some users paid a fee ($20) for a “full delete” of their personal information and yet this information is still contained within the data that was posted online.
Further, in a reported interview with the hackers, it was claimed that security on the website was “bad”, and that “nobody was watching” and there was “no security”.
From a layman’s perspective, this does not appear to be reasonable conduct by the owners of the website. That said, the affected users of the hack must allege and establish an actual or certainly impending threat of injury before the case will proceed to quantify the loss suffered; for more information on the US legal position, see here. [PDF]

4 thoughts on “Information security: Ashley Madison legal action mounts…


  3. It’s so casual when people leave their website unprotected; it’s like opening your door wide and trying to sleep. I hope that after accidents like that, people, and especially governments, will be more aware of it in the future.
