The Information Regulator (IR) says it has initiated an investigation into an alleged breach of the Protection of Personal Information Act (POPIA) by some officers of the South African Police Service (SAPS).
This happened after the personal details of the victims of the recent attack in Krugersdorp were published. At the end of last month, the shocking story of the gang-rape of eight women by a group of armed men in West Village near Krugersdorp broke.
The IR says it has learned that a list containing the personal details of the victims of this heinous crime has been leaked via social media, believed to be by officials linked to the SAPS.
The Information Service says it will carry out an ex officio assessment under section 89 of POPIA of the measures taken by the SAPS to protect the personal information of the victims in this case.
The circumstances of the leak will be established by an examination, the report says.
The law, which entered into force on July 1, 2021, is aimed at promoting the protection of personal information processed by public and private organizations.
Alison Tilley, a member of the regulator, said: “We are calling on the public to stop the distribution of this list of victims’ personal details. If you have it, delete it. The list was published in violation of POPIA.’
Tilley notes that distribution of the list is “not only a violation of POPIA, but also a gross act of re-victimization and a violation of constitutional rights to privacy and human dignity.”
According to the IR, the responsible party has an obligation under the conditions of lawful processing of personal information to ensure the integrity and confidentiality of personal information in its possession by taking appropriate reasonable measures to prevent unlawful access to or processing of personal information. .
If the responsible person fails to comply with the conditions mentioned in section 19 of POPIA, it will be against the law and necessary enforcement action will be taken.
The regulator has been informed that this information continues to spread across all media platforms.
“The regulator has a duty to establish how these breaches occurred and to take the necessary corrective and punitive measures to ensure that such a breach never occurs again if the facts show that it has occurred. Such measures of punishment and punishment include fines and deprivation of liberty,” IR notes.
Faced with an increase in complaints about the illegal processing of personal information, IR last week announced the establishment of an Enforcement Committee.