Privacy and Legal Implications Regarding the Processing of Honeypot Data

Bahle Ngoma; Noluntu Mpekoa; Heloise Pieterse

doi:10.1007/978-3-032-09660-9_2

Privacy and Legal Implications Regarding the Processing of Honeypot Data

Bahle Ngoma
, Noluntu Mpekoa
, Heloise Pieterse

Academy of Computer Science and Software Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Cyberattacks have been an ever-increasing threat against the cyber infrastructure of organisations. The act of exploiting known network vulnerabilities appears to be highly appealing to hackers, where their potential payout is to find and collect valuable data housed by an organisation. To compensate for this matter, security teams can design and deploy highly advanced security tools to thwart cyberattacks, and one such tool is a honeypot. Honeypots possess the functionality of baiting intruders to interact with them whilst preventing said intruders from affecting real production and service systems. Ultimately, honeypots collect data associated with an intruder and the attack, which reveals valuable information that can be analysed and used to combat similar incidents. However, with the introduction of modern privacy laws, a number of consequences exist with the data honeypots collect. The paper will explore the limitations on processing honeypot data with the aid of related works published regarding honeypots, the POPI Act and the GDPR through literature reviews. Thus, this paper will discuss the privacy and legal implications that arise with processing data collected by a honeypot from the perspective of privacy laws established by both the European Union and the South African government.

Original language	English
Title of host publication	Information and Cyber Security - 23rd International Conference, ISSA 2024, Revised Selected Papers
Editors	Hein Venter, Mariki Eloff, Jan Eloff, Reinhardt Botha, Marianne Loock, Umer Mushtaq
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	10-20
Number of pages	11
ISBN (Print)	9783032096593
DOIs	https://doi.org/10.1007/978-3-032-09660-9_2
Publication status	Published - 2026
Event	23rd International Conference on Information Security, ISSA 2024 - Gqeberha, South Africa Duration: 2 Dec 2024 → 3 Dec 2024

Publication series

Name	Communications in Computer and Information Science
Volume	2661 CCIS
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	23rd International Conference on Information Security, ISSA 2024
Country/Territory	South Africa
City	Gqeberha
Period	2/12/24 → 3/12/24

Keywords

cyberattacks
cybersecurity
GDPR
Honeypot
POPI Act
privacy

ASJC Scopus subject areas

General Computer Science
General Mathematics

Access to Document

10.1007/978-3-032-09660-9_2

Cite this

Ngoma, B., Mpekoa, N., & Pieterse, H. (2026). Privacy and Legal Implications Regarding the Processing of Honeypot Data. In H. Venter, M. Eloff, J. Eloff, R. Botha, M. Loock, & U. Mushtaq (Eds.), Information and Cyber Security - 23rd International Conference, ISSA 2024, Revised Selected Papers (pp. 10-20). (Communications in Computer and Information Science; Vol. 2661 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-032-09660-9_2

Ngoma, Bahle ; Mpekoa, Noluntu ; Pieterse, Heloise. / Privacy and Legal Implications Regarding the Processing of Honeypot Data. Information and Cyber Security - 23rd International Conference, ISSA 2024, Revised Selected Papers. editor / Hein Venter ; Mariki Eloff ; Jan Eloff ; Reinhardt Botha ; Marianne Loock ; Umer Mushtaq. Springer Science and Business Media Deutschland GmbH, 2026. pp. 10-20 (Communications in Computer and Information Science).

@inproceedings{8f8e28a68e0549d89b80154fd9856735,

title = "Privacy and Legal Implications Regarding the Processing of Honeypot Data",

abstract = "Cyberattacks have been an ever-increasing threat against the cyber infrastructure of organisations. The act of exploiting known network vulnerabilities appears to be highly appealing to hackers, where their potential payout is to find and collect valuable data housed by an organisation. To compensate for this matter, security teams can design and deploy highly advanced security tools to thwart cyberattacks, and one such tool is a honeypot. Honeypots possess the functionality of baiting intruders to interact with them whilst preventing said intruders from affecting real production and service systems. Ultimately, honeypots collect data associated with an intruder and the attack, which reveals valuable information that can be analysed and used to combat similar incidents. However, with the introduction of modern privacy laws, a number of consequences exist with the data honeypots collect. The paper will explore the limitations on processing honeypot data with the aid of related works published regarding honeypots, the POPI Act and the GDPR through literature reviews. Thus, this paper will discuss the privacy and legal implications that arise with processing data collected by a honeypot from the perspective of privacy laws established by both the European Union and the South African government.",

keywords = "cyberattacks, cybersecurity, GDPR, Honeypot, POPI Act, privacy",

author = "Bahle Ngoma and Noluntu Mpekoa and Heloise Pieterse",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.; 23rd International Conference on Information Security, ISSA 2024 ; Conference date: 02-12-2024 Through 03-12-2024",

year = "2026",

doi = "10.1007/978-3-032-09660-9\_2",

language = "English",

isbn = "9783032096593",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "10--20",

editor = "Hein Venter and Mariki Eloff and Jan Eloff and Reinhardt Botha and Marianne Loock and Umer Mushtaq",

booktitle = "Information and Cyber Security - 23rd International Conference, ISSA 2024, Revised Selected Papers",

address = "Germany",

}

Ngoma, B, Mpekoa, N & Pieterse, H 2026, Privacy and Legal Implications Regarding the Processing of Honeypot Data. in H Venter, M Eloff, J Eloff, R Botha, M Loock & U Mushtaq (eds), Information and Cyber Security - 23rd International Conference, ISSA 2024, Revised Selected Papers. Communications in Computer and Information Science, vol. 2661 CCIS, Springer Science and Business Media Deutschland GmbH, pp. 10-20, 23rd International Conference on Information Security, ISSA 2024, Gqeberha, South Africa, 2/12/24. https://doi.org/10.1007/978-3-032-09660-9_2

Privacy and Legal Implications Regarding the Processing of Honeypot Data. / Ngoma, Bahle; Mpekoa, Noluntu; Pieterse, Heloise.
Information and Cyber Security - 23rd International Conference, ISSA 2024, Revised Selected Papers. ed. / Hein Venter; Mariki Eloff; Jan Eloff; Reinhardt Botha; Marianne Loock; Umer Mushtaq. Springer Science and Business Media Deutschland GmbH, 2026. p. 10-20 (Communications in Computer and Information Science; Vol. 2661 CCIS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Privacy and Legal Implications Regarding the Processing of Honeypot Data

AU - Ngoma, Bahle

AU - Mpekoa, Noluntu

AU - Pieterse, Heloise

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.

PY - 2026

Y1 - 2026

N2 - Cyberattacks have been an ever-increasing threat against the cyber infrastructure of organisations. The act of exploiting known network vulnerabilities appears to be highly appealing to hackers, where their potential payout is to find and collect valuable data housed by an organisation. To compensate for this matter, security teams can design and deploy highly advanced security tools to thwart cyberattacks, and one such tool is a honeypot. Honeypots possess the functionality of baiting intruders to interact with them whilst preventing said intruders from affecting real production and service systems. Ultimately, honeypots collect data associated with an intruder and the attack, which reveals valuable information that can be analysed and used to combat similar incidents. However, with the introduction of modern privacy laws, a number of consequences exist with the data honeypots collect. The paper will explore the limitations on processing honeypot data with the aid of related works published regarding honeypots, the POPI Act and the GDPR through literature reviews. Thus, this paper will discuss the privacy and legal implications that arise with processing data collected by a honeypot from the perspective of privacy laws established by both the European Union and the South African government.

AB - Cyberattacks have been an ever-increasing threat against the cyber infrastructure of organisations. The act of exploiting known network vulnerabilities appears to be highly appealing to hackers, where their potential payout is to find and collect valuable data housed by an organisation. To compensate for this matter, security teams can design and deploy highly advanced security tools to thwart cyberattacks, and one such tool is a honeypot. Honeypots possess the functionality of baiting intruders to interact with them whilst preventing said intruders from affecting real production and service systems. Ultimately, honeypots collect data associated with an intruder and the attack, which reveals valuable information that can be analysed and used to combat similar incidents. However, with the introduction of modern privacy laws, a number of consequences exist with the data honeypots collect. The paper will explore the limitations on processing honeypot data with the aid of related works published regarding honeypots, the POPI Act and the GDPR through literature reviews. Thus, this paper will discuss the privacy and legal implications that arise with processing data collected by a honeypot from the perspective of privacy laws established by both the European Union and the South African government.

KW - cyberattacks

KW - cybersecurity

KW - GDPR

KW - Honeypot

KW - POPI Act

KW - privacy

UR - https://www.scopus.com/pages/publications/105022893786

U2 - 10.1007/978-3-032-09660-9_2

DO - 10.1007/978-3-032-09660-9_2

M3 - Conference contribution

AN - SCOPUS:105022893786

SN - 9783032096593

T3 - Communications in Computer and Information Science

SP - 10

EP - 20

BT - Information and Cyber Security - 23rd International Conference, ISSA 2024, Revised Selected Papers

A2 - Venter, Hein

A2 - Eloff, Mariki

A2 - Eloff, Jan

A2 - Botha, Reinhardt

A2 - Loock, Marianne

A2 - Mushtaq, Umer

PB - Springer Science and Business Media Deutschland GmbH

T2 - 23rd International Conference on Information Security, ISSA 2024

Y2 - 2 December 2024 through 3 December 2024

ER -

Ngoma B, Mpekoa N, Pieterse H. Privacy and Legal Implications Regarding the Processing of Honeypot Data. In Venter H, Eloff M, Eloff J, Botha R, Loock M, Mushtaq U, editors, Information and Cyber Security - 23rd International Conference, ISSA 2024, Revised Selected Papers. Springer Science and Business Media Deutschland GmbH. 2026. p. 10-20. (Communications in Computer and Information Science). doi: 10.1007/978-3-032-09660-9_2