Are you a hack away from leaking clients’ confidential information?

November 1st, 2017

Mapula Sedutla – Editor

The recent biggest data breach in South Africa (SA) highlighted the importance of cyber security. Hackers/crackers are always on the lookout for any vulnerability in network systems and attorneys are not exempt from this threat particularly because they deal with confidential information that is subject to attorney-client privilege.

The data dump amounting to about 27GB contained a range of sensitive information on 30 million people’s identity numbers, age, race group, marital status, income, company directorships, employment history, occupation, previous address, employer etcetera.

Being hacked is no longer something that just happens in movies and it is more prevalent as there are actually five different types of hackers that upload encryption ransomware on companies’ network systems on a daily basis. In our Letters to the Editor section, attorney Jana Doussy writes:

‘Unfortunately the current laws of SA, which include common law, the Protection of Personal Information Act 4 of 2013 and the Electronic Communications and Transactions Act 25 of 2002 do not give us the necessary tools to effectively act against cybercrimes at the moment.

We are currently awaiting the Cybercrimes and Cyber Security Bill B6 of 2017 (the Cyber Bill) to be passed, which will certainly bring some welcome changes in the country, and enable SA law enforcement to utilise the special procedures necessary to fight our own cyberwars. The Cyber Bill will create new offences and have many consequences enabling better policed cybercrimes’ (see p 5).

In the Practice Note section, another article deals with the issue of legal professional privilege and hacking. Academic Daniël Eloff writes:

‘Just as there is a reasonable duty placed on attorneys and law firms to protect physical documents from prying eyes, the same duty exists with regards to information that is stored digitally, regardless of whether or not the data is stored on a hard drive or through the use of cloud-based data storage services. Data breaches could include hacking of e-mails, computers or trojan horse programmes that allow unauthorised backdoor access to computers. These data breaches could threaten confidentiality or legal professional privilege if the information that is leaked is subject thereto.

Cloud-based data storage, is in most instances, effective in ensuring adequate protection of information (LSSA Guidelines on the Use of Internet-Based Technologies in Legal Practice (, accessed 27-9-2017)). When making use of cloud-based data storage services, attorneys and law firms must enter into a contract with the third party service providers, which obliges the third party to safeguard digital information. As attorneys and law firms also often have personal details of clients on record, law firms have to ensure that they are compliant with the Protection of Personal Information Act’ (see p 17).

To mitigate the risk of being hacked attorneys need to ensure that they are up to date with developing technology and global challenges, which include cyber security threats. If the unthinkable happens and you are hacked, see p 18 for what to do.


Would you like to write for De Rebus?

De Rebus welcomes article contributions in all 11 official languages, especially from legal practitioners. Practitioners and others who wish to submit feature articles, practice notes, case notes, opinion pieces and letters can e-mail their contributions to

The decision on whether to publish a particular submission is that of the De Rebus Editorial Committee, whose decision is final. In general, contributions should be useful or of interest to practising attorneys and must be original and not published elsewhere. For more information, see the ‘Guidelines for articles in De Rebus’ on our website (

  • Please note that the word limit is 2000 words.
  • Upcoming deadlines for article submissions: 20 November 2017 and 22 January 2018.

This article was first published in De Rebus in 2017 (Nov) DR 3.