Kampala, Uganda – The Personal Data Protection Office (PDPO) on Thursday, 13th July 2023 concluded its investigation into the data security breach involving the Uganda Securities Exchange (USE) and its technology partner, Soft Edge Uganda Limited.
According to findings by PDPO, the breach resulted in unauthorized access to the personal data of individuals whose data was collected by USE.
“The investigation found that the data security breach was caused by non-compliance with the Information Systems Policies Manual, the Data Protection and Privacy Act, and supporting Regulations,” a report from PDPO reads in part.
The breach was specifically attributed to a firewall configuration change that left a port open and that did not follow the established change management procedures.
Additionally, there were critical areas of non-compliance with the Data Protection and Privacy Act and supporting Regulations.
“For instance, the Maintenance Agreement between USE and Soft Edge Uganda Limited lacked necessary data protection and privacy clauses. It failed to specify the types of personal data to be shared and the obligations of both parties to ensure data security and privacy. This inadequacy left the parties without clear data protection and privacy-related responsibilities,” the report reads further.
Another significant finding was that both USE and Soft Edge Uganda Limited failed to regularly verify whether the implemented security safeguards were effective. This oversight led to the data security breach going unnoticed for twelve (12) days.