As a South African entity, Rundata Systems complies with Section 22 of the POPI Act, requiring notification to the Information Regulator and affected data subjects where there are reasonable grounds to believe personal information has been accessed by an unauthorized person.
2. Notification Timelines
Initial Notification: Rundata Systems will notify the Information Regulator and affected parties as soon as reasonably possible (target: < 72 hours) after the discovery of a compromise.
Final Report: A comprehensive post-mortem will follow within 30 days.
3. Scope of Disclosure
The notification will include:
A description of the possible consequences of the breach.
Measures taken or proposed to be taken to remedy the breach.
Recommendations for measures to be taken by the user to mitigate adverse effects (e.g., rotating downstream API keys).