Media Statement: 100 day countdown to be POPIA compliant, 24 March 2021
Today marks 100 days to the deadline for public and private bodies to ensure that their processing of personal information conforms to the Protection of Personal Information Act (POPIA). In preparation for the full implementation and enforcement of POPIA on 1 July 2021, the Information Regulator (IR) has prioritised the following processes
Notice: Commencement of the Regulations issued in terms of Section 112(2) , 22 Feb 2021
A notice will appear in the Government Gazette proclaiming the commencement of the Regulations issued in terms of Section 112(2) of the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) as follows:
a) Regulation 4 will be effective on 1 May 2021;
b) Regulation 5 will be effective on 1 March 2021 and
c) the residual Regulations will be effective on 1 July 2021.
Media Statement: Update on Experian South Africa's Data Breach, 03 Sep 2020 The Information Regulator (Regulator) has received information from a whistleblower that the personal information of data subjects that was released as a result of the Experian data breach has found its way to the Dark Web. The whistleblower has informed the Regulator that the information of natural persons that is hosted on the Dark Web includes their cell numbers, home and work phone numbers, employment details and identity numbers. The personal information of companies includes the names of the companies, contact details, VAT numbers and Banking details.
Media Statement: Experian Security Breach, 20 Aug 2020 The Information Regulator (Regulator) is concerned about the alleged security breach experienced by Experian South Africa which has compromised personal information of reportedly 24 million South Africans. The Regulator became aware of the breach on 6 August 2020 when Experian sent an email to the Regulator requesting an urgent meeting to “discuss a matter”.
Media Statement: Commencement of certain sections of the Protection of Personal Information Act, 22 Jun 2020 The Information Regulator (Regulator) welcomes the issuing of the Proclamation by the President for the commencement of certain sections of the Protection of Personal Information Act (POPIA). In terms of the Proclamation, sections 2 to 38; 55 to 109; 111 and 114(1), (2) and (3) of POPIA will come into effect on 1 July 2020. Sections 110 and 114(4,) which deal with the transfer of the enforcement of the Promotion of Access to Information Act (PAIA) from the South African Human Rights Commission (SAHRC) to the Regulator will come into effect on 30 June 2021.
The Conference will be held under the theme “International cooperation to strengthen public access to information” and is being hosted for the first time in the African continent. About 300 delegates are expected to converge at the 2019 ICIC, consisting of local, regional and international Information Commissioners, Non-Governmental Organisations and promoters of access to information, who are expected to share experiences and insights on how to strengthen public access to information through international cooperation.
The South African Information Regulator, in partnership with the Centre for Human Rights (University of Pretoria) supported by the secretariat of the International Conference of Information Commissioners (ICIC) will be hosting the 11th International Conference of Information Commissioners from 10 - 13 March 2019, at the Vodacom Commercial Park in Midrand, Johannesburg.
The Conference, to be held under the theme “International cooperation to strengthen public access to information”, will be hosted for the first time in the continent, following the 10th ICIC which was organised in Manchester, England in 2017.
The Chairperson and Members of the Information Regulator (Regulator) met with the Chief Executive Officer and Chairman of the Board of the Direct Marketing Association of Southern Africa (DMASA) in Pretoria on 14 August 2018.
Media Statement: Direct Marketing Association of South Africa (DMASA), 27 Jul 2018
The Information Regulator (Regulator) has requested a meeting with the Chief Executive Officer of the Direct Marketing Association of South Africa (DMASA) Mr David Dickens. The purpose of the meeting is to discuss the concerns that have been raised in the article titled “Direct marketers slam POPI 'opt-in' provisions” written by the business editor of ITWeb Mr Admire Moyo at https://www.itweb.co.za/content/4r1lyMRoO43qpmda on 25th July 2018.
Alleged Data Breach – Liberty Holdings Ltd Ltd, 18 Jun 2018
The Information Regulator (Regulator) has noted with concern various media reports regarding a material data breach at Liberty Holdings Ltd. According to these various media reports hackers gained unauthorised access to the information technology infrastructure of Liberty Holdings.
Alleged Data Breach – Aggregated Payment System (Pty) Ltd, 25 May 2018
The Information Regulator (Regulator) has noted various media reports which allege the breach of personal records of nine hundred and thirty four thousand (943,000) South African drivers. The source of the breach is alleged to be the South African traffic fines online payment website called ViewFines.
Alleged Cambridge Analytical Data Breach - Facebook, 10 April 2018
The Information Regulator (Regulator) has noted various media reports which allege a material data breach by Facebook. The spokesperson of Facebook is reported to have said that the data of 59 777 of South Africans users was potentially shared with the data firm called Cambridge Analytica.
The Information Regulator (Regulator) has noted with concern the recent media reports of alleged unlawful processing of personal information of King Goodwill Zwelithini by MiWay.
Press briefing by the Information Regulator, 20 September 2017
The purpose of this briefing is to provide an update on the progress made on the establishment of the Information Regulator (Regulator), the work carried out by the Regulator thus far and the publication of the draft Regulations as prescribed by Section 112(2) of the Protection of Information Act 4 of 2013 (POPIA).
40th International Conference of Data Protection and Privacy Commissioners ( ICDPPC) in Brussels, 22-25 October 2018
The Information Regulator (Regulator) represented by the Adv. Pansy Tlakula, Adv. Collen Weapond and the Acting CEO, Mr. Mosalanyana Mosala attended the 40th International Conference of Data Protection and Privacy Commissioners ( ICDPPC) in Brussels from 22-25 October 2018. The theme of the conference was, “Debating Ethics: Dignity and Respect in Data Driven Life.”