By: ANG Reporter
The Information Regulator has decided to conduct an investigation into the alleged breach of the Protection of Personal Information Act (POPIA) by some officials of the South African Police Service (SAPS).
This follows the release of personal details of the victims of the Krugersdorp attack by a group of armed men. A few days ago, the shocking story broke about the gang rape of eight women by group of armed men at West Village near Krugersdorp.
The Regulator said it has since been made aware that a list with personal details of the victims of this heinous crime has been leaked to the public, allegedly by officials linked to the SAPS.
“The Regulator will conduct an own-initiative assessment as per section 89 of POPIA into the measures put in place by SAPS to safeguard the personal information of the victims in this case. The assessment will establish the circumstances of the leak and the measures that the SAPS had put in place to protect the personal information of the victims.”
“A responsible party has an obligation in terms of the conditions for lawful processing of personal information to secure the integrity and confidentiality of personal information in its possession by taking appropriate reasonable measures to prevent unlawful access to or processing of personal information.”
“Should the responsible party fail to adhere to the conditions as referred to in section 19 of POPIA they will be in contravention of the law and necessary enforcement measures will be taken.”
The Regulator said it had also been informed that this information was being shared publicly across various media platform. The Regulator’s spokesperson Alison Tilley said: “We appeal to the public stop sharing this list with the victims’ personal details. If you have it, delete it. The list was released publicly in violation of POPIA.”
Tilley added that the distribution of the list is “not only a breach of POPIA, but it is also a callous act of re-victimisation, and it is also a violation of the constitutional rights to privacy and human dignity”.
Tilley said the Regulator had a duty” to establish how these violations happened and to take necessary corrective and punitive action to ensure that such breach, if the facts show that it has occurred, never happens again”.
“Such corrective and punitive measures include fines and imprisonment.”