The story

joburg eservices

Joburg wants to sue ‘hacker’ – so why don’t we sue them back?

After Tuesday’s revelations that anyone could access accounts belonging to other individuals and businesses thanks to a large security hole in the City of Johannesburg’s online billing system, it should be no surprise that the legal shenanigans have been fixed before the fault is repaired. According to a statement on its website, the city has rewarded concerned citizens who highlighted an error that allowed Google to spider invoices by inviting the police to investigate them.

Legal eagle and friend of Paul Jacobson of Web.Tech.Law tweeted in response: “The response to revelations of its shoddy website security highlights underlying problematic attitudes that led to this.” He says that there may be the very slimmest possibility of a case under the Electronic Communications and Transactions Act, if it could be proven that a security measure was deliberately circumvented. That’s unlikely because the invoices were being indexed by Google, and therefore clearly visible on the public internet.

SANRAL has also added its voice to those calling for punitive measures against those who discovered the flaw and tried to bring it to the city’s attention before going public. One of the files that was viewable by the public showed it owes the city R55 000.

All well and good, but our inquisitive minds want to know more about the other legal case which could be brought here: a class action against the City for allowing a security flaw which has opened up any citizen or business who holds and account to the chance of identity fraud. We asked lecturer in mercantile law at the University of Pretoria, Sylvia Papadopoulos, what the chances of it happening are.

“The possible ramifications of such a breach in data security are enormous,” Papadopoulos explains, “There are two or three possible avenues open for parties affected by the data breach.

“The best option is that in South African law the right to privacy is protected in terms of both our common law and section 14 of the Constitution and it is recognized as an independent valuable personality right,” she continues, “Therefore any action in this sphere of the law is a synthesized action based on both the common law and constitutional law principles. The recognition of a right to privacy is also extended to commercial entities. In principle a party (class action for damages) would have to prove: That there was a disclosure of private information ie. a breach of privacy, that the breach was unlawful/wrong/unjustifiable and due to negligence on the part of the party you want to hold liable, that their actions/inaction caused damage and finally you have to prove the amount of damage suffered.

“The only possible issue here is showing that actual damage occurred.”

So far, no-one other than SANRAL has come forward to say they’ve been negatively effected by the data leak, but given the large volume of commercial accounts showing outstanding bills of hundreds of thousands of Rand, it can surely be just a matter of time.

Recently Published


Inspiring and teaching SA’s rural kids through the lens of a video camera

To paraphrase the old adage, in the age of ubiquitous video, the ...


[htxt.africast] Monkeys, Midrand and MTN – it’s the first Friday Tech News Quiz!

It’s a slightly different format for our daily podcast today ...


5, 4, 3 to Xbox One from FNB… sort of

First National Bank (FNB) has placed a nifty countdown timer on its ...

vodacom store

Vodacom wants to grow online store ten fold by 2016

The excitement around buying stuff online might be fizzling out in ...

Sony Micro Advertising

Sony on a quest to undo 20 years of being technologically behind

Once at the pinnacle for developing new technology, Sony executives ...

Screenshot (172)

[WATCH] Five of the best theatrical EFF parliament comments

How many of us can honestly say we used to attentively watch ...


Telkom takes big scissors to high speed broadband prices

In a bit of happy news for those interested in the higher internet ...


16% of PC users are still on Windows XP

Support for Windows XP may have ended in April this year, but some ...

iphone 5s main

Three iStores robbed in two weeks, R1 million taken

In less than two weeks, another iStore has been robbed in ...