My business has suffered a data breach following a successful phishing scam which one of our employees reacted to and so enabled the hacker to gain access and obtain client and business data. We have tried to do what we can to manage the breach, but are unclear about our responsibilities in this regard, especially in the light of POPIA?