Cybersecurity Law

Cybersecurity or information security is a crucial part of information management. We are experts on the legal aspects regards the security of information (infosec). You can read our advice, or about the products or services we offer related to this focus area below:

Gated Access Code of Conduct under POPIA

On 30 April 2026, the Information Regulator published the draft Gated Access Code of Conduct under POPIA to ensure that owners and managers (and their security and technology service providers) of any premises (including residential estates and office parks) with [...]

By |2026-05-21T12:05:11+02:00May 5th, 2026|Categories: Cybersecurity Law, POPI and Data Protection|Tags: , , |
Read More

Standard Bank | Data breach

Standard Bank, Africa’s largest bank, has disclosed a data breach affecting a number of its clients. This raises concerns about rising cybersecurity risks across South Africa’s financial sector. Standard Bank directly communicated with their clients and confirmed that someone had […]

By |2026-04-29T10:58:20+02:00April 29th, 2026|Categories: Cybercrime, Cybersecurity Law, POPI and Data Protection|Tags: , , , , , |
Read More

Regulation of Cybersecurity Services in South Africa by PSiRA

PSiRA may expand its regulation of cybersecurity services in South Africa. What would this mean for cybersecurity service providers? How do you, as a cybersecurity service provider, feel about being regulated by the Private Security Industry Regulatory Authority (PSiRA)? PSiRA, [...]

By |2026-03-23T14:09:45+02:00March 17th, 2026|Categories: Cybercrime, Cybersecurity Law|Tags: , , , |
Read More

POPIA’s security requirement – A cybersecurity primer for IOs

Think of security compliance the way you think of a vehicle’s roadworthiness test. The certificate matters, but you only stay safe if the brakes still work today. POPIA's security requirement is not a maintenance checklist or a once-off project. POPIA […]

By |2026-03-04T09:56:05+02:00March 3rd, 2026|Categories: Cybersecurity Law|Tags: |
Read More

Intengo Imoto v Zoutpansberg Motor Wholesalers | EFT fraud and BECs

In Intengo Imoto v Zoutpansberg Motor Wholesalers, the Supreme Court of Appeal held that a purchaser (debtor) who falls victim to EFT fraud through email interception, paying into a fraudulent bank account, has not discharged its payment obligation to the […]

By |2026-02-25T12:40:06+02:00February 12th, 2026|Categories: Cybercrime, Cybersecurity Law|Tags: , , , , |
Read More

The law in 2026 – our predictions

Welcome to the law in 2026! At the beginning of each year, we look ahead to help you prioritise your next steps. This is the law regarding digital, data and tech in 2026. We try to predict what will happen [...]

By |2026-02-02T10:22:10+02:00January 25th, 2026|Categories: Access to Information, AI Governance, Cybersecurity Law, IT Law, Life@Law, POPI and Data Protection|Tags: , |
Read More

Cybersecurity compliance for officers – From librarian to navigator

Let's talk cybersecurity compliance for officers. Many organisations treat cybersecurity compliance like a library. They collect policies, file them away, and assume that because the shelf is complete, the building is safe. But in 2026, regulators aren't looking for a [...]

By |2026-02-11T17:47:00+02:00January 22nd, 2026|Categories: Cybersecurity Law, POPI and Data Protection|Tags: , , , , |
Read More

DORA compliance for vendors – a practical playbook

DORA compliance for vendors is now a live requirement, and selling technology to European financial firms is therefore like constructing a new building in a crowded city: you must meet the code, welcome inspections, and prove the structure can take [...]

By |2025-11-14T19:33:31+02:00November 14th, 2025|Categories: Cybersecurity Law, POPI and Data Protection|Tags: , , , , |
Read More

Telco cybersecurity in South Africa – finding a signal in the noise

Let's talk telco cybersecurity in South Africa. Securing a telecommunications network is like trying to tune into a radio station amid heavy static: operators must carefully adjust both their security controls and their compliance processes to cut through the noise. [...]

By |2025-08-07T18:56:19+02:00August 7th, 2025|Categories: Cybersecurity Law, POPI and Data Protection|Tags: , , , , , |
Read More

Cybersecurity compliance mapping – finding every obligation

What is cybersecurity compliance mapping? Navigating cybersecurity compliance today is like conducting a precise archaeological dig: you must carefully uncover each layer of obligations without damaging your organisation's underlying structure. Each jurisdiction, sector, and obligation presents distinct challenges, demanding meticulous [...]

By |2025-07-31T11:41:07+02:00July 22nd, 2025|Categories: Cybersecurity Law, POPI and Data Protection|Tags: , , , , |
Read More

Data classification best practices

We've all got that chaotic drawer at home — a messy collection of old chargers, mystery keys, forgotten receipts, and batteries that may or may not work. While such clutter at home might only cause mild frustration, allowing your business [...]

By |2025-07-29T11:35:52+02:00July 16th, 2025|Categories: Cybersecurity Law, POPI and Data Protection|Tags: , , , , , |
Read More

Cybersecurity is mission-critical

Imagine your business as a body, thriving and responding to opportunities, with your digital systems acting as its nervous system. Just as any impairment to nerves can paralyse a body, a cybersecurity breach can disrupt or incapacitate your organisation. Cybersecurity [...]

By |2025-07-10T10:47:28+02:00July 10th, 2025|Categories: Cybersecurity Law|Tags: |
Read More