Rédaction Africa Links 24 with Georgina Crouth
Published on 2024-03-26 21:40:53
The Information Regulator, an independent body responsible for safeguarding personal data, has taken action against TransUnion for its mishandling of personal information in the 2022 data breach. Additionally, the regulator has launched an investigation into the Companies and Intellectual Property Commission (CIPC) following a security breach in its systems.
An enforcement notice issued by the regulator carries the same weight as a court order. Failure to comply with the notice is considered an offense and can result in penalties such as imprisonment or fines of up to R10 million for POPIA offenses. TransUnion has been given until 28 May to demonstrate compliance with the remedial measures outlined in the enforcement notice.
The regulator also provided updates on investigations into violations of the Promotion of Access to Information Act (Paia) and the Protection of Personal Information Act (Popia) over the past year. These investigations include probes related to former president Jacob Zuma, such as requests for access to Zuma’s tax records and connections between Iqbal Survé, the owner of Sekunjalo and Independent Media, and the State Security Agency.
One particular complaint against the State Security Agency pertains to its failure to respond to a Paia request for expenditure information from 2015 to 2019 related to services provided by the African News Agency (ANA), which was established by Survé’s Independent Media. The regulator’s investigation into this matter is currently under review.
Regarding candidate lists leaked at the Electoral Commission (IEC) and security breaches at Dis-Chem and the South African Police Service (SAPS), the regulator has taken action to ensure compliance with data protection regulations. Additionally, the regulator has noted a lack of compliance among political parties with Paia requirements, with none of the parties represented in Parliament being fully compliant.
New requests for access to Jacob Zuma’s tax records have been submitted to the regulator after SARS refused to disclose them despite a court ruling. The regulator has accepted these requests and will further investigate the matter.
In conclusion, the Information Regulator is actively working to enforce data protection laws and hold organizations accountable for breaches of personal information security. Through investigations and enforcement actions, the regulator aims to ensure that individuals’ personal information is handled responsibly and securely by all entities.
Read the original article on Daily Maverick
