Print
Measures to be taken by companies to guarantee security of Internet transactions
August 25, 2008 – 6:36 pm by Lance MichalsonSection 43(5) of the ECT Act requires the supplier in an electronic transaction to “utilise a payment system that is sufficiently secure with reference to accepted technological standards at the time of the transaction and the type of transaction concerned.” If a payment system is breached, the supplier must reimburse the consumer for any loss suffered. In most instances the supplier does not provide or operate the payment system and this obligation will shift to the provider who is sometimes the ISP.
Apart from the aforegoing, whilst there is no specific law which imposes specific information security related obligations on companies and ISP’s, both have a common law duty not to be “negligent”. When South African Courts consider whether an act was negligent or not, they will try to find out if a “reasonable man” in the defendant’s position (e.g. the ISP) would have acted differently if the damage was reasonably foreseeable and preventable. It may be argued that compromises to an organisation’s information security is a foreseen risk which should be guarded against and that any omission to take preventative or remedial steps could be regarded as a negligent act which may lead to liability.
- Subscribe - unlimited access for R495 per month per subscriber. It's quick and easy, and you can unsubscribe at any time. Find out more about the benefits of subscribing. Why you should pay for the content. Subscribe Now.
- Register - limited access for FREE, and without obligation. It's quick and easy to get greater access instantly. Select "Free Account" under the Subscription Options. [ Register ]
Similar:
- Infosec Policies - Role of Attorneys
- What is “information security law”?
- Payment Card Industry Data Security Standard
- Consumer protection provisions of the ECT Act
- Info that must be on your web site
You must be logged in to post a comment.