Justice department to challenge R5 million fine in court
The department of justice said on Tuesday that it was taking a R5 million fine imposed on it by the Information Regulator on legal review.
Doc Mashabane, the director-general of the department, confirmed in a briefing to the portfolio committee on justice that it was correct that the department had missed its deadline to appeal the fine, ascribing this to a mistake on the part of a staff member.
The regulator served the department with the fine in June for flouting the Protection of Personal Information Act (POPIA) by failing to renew licences for antivirus software.
The act imposes minimum standards for collecting and sharing personal information and the regulator held that the department was in breach of several sections of the legislation.
“Us missing the opportunity to do the appeal, I think is a borderline issue as well,” Mashabane said.
“What happened after the first notice [from the regulator], there was a slip up by the relevant officials for us to respond on time.”
When pressed by MPs, he said there was an internal investigation into this mistake but that the department’s review application was not an attempt to cover up its failure to file an appeal.
“This review is not taken in order to cover up the administrative slip-up. There is an investigation currently going on to deal with that,” he said.
“The review is really material, substantive and procedural matters … really the interpretation of the law and what the issue at point is.
“It is a thin line that we are navigating, and we really appreciate the part that as administration we will be accounting to the executive authority, the minister, the deputy minister and the portfolio committee.”
Mashabane said the department did not take the decision to approach the high court lightly.
It decided to do so after it became apparent from the record of decision-making of the Information Regulator, that there was information supplied by the department that the authority had failed to consider.
When the department raised this with the regulator, he said, it was advised that it could no longer indicate whether this information has been considered or not.
“The Information Regulator said in writing: ‘We can’t inform whether we considered what you gave us or not, we have become functus officio. We advise you to review our decision’.”
By this, the regulator meant that since it had already taken a decision on the matter, it could not supplant it with another, a source close to the process explained.
The fine was the first the regulator’s office issued since its powers came into effect some two years ago.
It served an enforcement notice on the department on May 9, to which the department failed to respond as per Mashabane’s concession.
“The enforcement notice had required the [department] to submit proof to the regulator within 31 days of receipt of the notice that the Trend antivirus licence, the SIEM [security information and event management] licence and the Intrusion Detection System licence have been renewed,” the regulator said.
“It also required the department to institute disciplinary proceedings against the official/s who failed to renew the licences, which are necessary to safeguard the department against security compromises.”
The notice cautioned that should the department fail to comply by 9 June, it risked being fined up to R10 million. The regulator told the Mail & Guardian at the time that it never received a response from the department.
Justice minister Ronald Lamola on Tuesday said the department was restricted in how much it could say about the matter as it was now before court, before leaving Mashabane to answer questions.
It is understood though that he is of the view the time frame set by the regulator was not reasonable and that it had furthermore failed to consider that no harm was done.
The department maintains that there is no proof that personal information was lost, damaged or otherwise compromised.
The department suffered a calamitous ransomware attack in September 2021 in which documents containing personal information were compromised and a wealth of files lost. It disrupted the functioning of courts as well as all electronic services offered by the department, as employees could not access information systems.
Lamola subsequently undertook the safety of the department’s digital infrastructure.
In 2020, hackers stole R10 000 from the Guardian’s Fund account at the Pietermaritzburg office of the master of the court.
The post Justice department to challenge R5 million fine in court appeared first on The Mail & Guardian.