Krugersdorp attack: a breach of POPIA

4 Oct 2022International

Nadine Mather reviews an alleged breach of victims' personal information in South Africa following an attack by armed men

In South Africa, the Information Regulator based in Johannesburg released a statement which declared it will pursue an assessment into an alleged violation of the Protection of Personal Information Act (POPIA) by figures of the South African Police Service (SAPS). This came after the release of sensitive personal details of the victims of an attack in Krugersdorp.

In late July, eight women were gang raped and robbed by a group of armed men, while shooting a music video at a mine dump in West Village near Krugersdorp. Soon after, the Information Regulator noticed a list of personal details of the victims had been leaked to the public. The Information Regulator has, therefore, opted to pursue and conduct a review of the SAPS’ measures to safeguard victims’ personal information, which could lead to further enforcement proceedings in South Africa.

As a result of this alleged breach, the victims’ personal details have become shared publicly and widely across multiple media platforms. The Information Regulator had subsequently issued a condemnation of this, describing it as an act of re-victimisation and a violation of the victims’ right to privacy and human dignity.

POPIA: key information

For the purposes of POPIA, ‘personal information’ is information relating to an identifiable, living natural person, and where applicable, an existing juristic person. It includes information relating to an individual’s race, gender or age, an individual’s health or sex life, and an individual’s name if it appears with other personal information.

POPIA regulates the processing (i.e. collection, dissemination, sharing etc.) of personal information. POPIA will not, however, apply to the processing of personal information by or on behalf of a public body (such as SAPS) for purposes of investigating or proving offences or for the prosecution of offenders. This is provided adequate safeguards have been established in legislation for the protection of such personal information. In this regard, the South African Police Service Act requires appropriate safeguards to be established and maintained in respect of, inter alia, databases containing fingerprints, body-prints and photographic images and DNA evidence.

In the absence of legislation providing for adequate safeguards in respect of the list of personal details of the victims, SAPS has an obligation to comply with the conditions for lawful processing under POPIA, including the obligation to implement appropriate and reasonable measures to secure the integrity and confidentiality of personal information it has in its possession and to prevent unlawful access to the personal information.

POPIA will also not apply to the processing of personal information solely done for the purpose of journalistic, literary or artistic expression, to the extent that it is necessary to, as a matter of public interest, reconcile the right to privacy with the right to freedom of expression. Accordingly, news agencies may publish stories relating to, for example, incidents of rape or crimes being committed, which stories may contain limited personal information.

Victims’ rights

In terms of POPIA, the victims have the right to have their personal information processed in accordance with the provisions of POPIA. This includes the right to be notified when their personal information has been accessed or acquired by an unauthorised person (such as where the list of their personal details is being shared by persons on various media platforms).

As a result of an alleged breach of these rights, the victims may submit a complaint to the Information Regulator or institute civil proceedings for damages against SAPS regarding the alleged interference with their personal information. The Information Regulator may also, on its own accord, conduct an assessment or investigation relating to an alleged breach of the provisions of POPIA.

Following the assessment in the present matter, the Information Regulator will be required to issue a report to SAPS on the result of the assessment and any recommendations, which report will be deemed to be equivalent to an enforcement notice. In addition, any persons distributing the list of personal details on media platforms may similarly be subject to enforcement proceedings by the Information Regulator. A failure to comply may result in punitive action, including the imposition of fines and/or imprisonment.

Nadine Mather is a partner at Bowmans South Africa bowmanslaw.com

Legal News desk contact: editorial@solicitorsjournal.com

POPIA: key information

Victims’ rights

Nadine Mather is a partner at Bowmans South Africa bowmanslaw.com

New Director of Strategy appointed by LSB

The Legal Services Board has appointed Jelena Lentzos as Director of Strategy, Policy & Engagement to enhance legal services regulation and consumer protection at a...

SFO director outlines anti-corruption strategy

Graham McNulty, Director of the SFO, speaks on enhancing anti-corruption measures and corporate collaboration at a conference in New York

South West Water admits to pollution charges

South West Water has pleaded guilty to multiple pollution charges impacting Devon and Cornwall over six years

Broadfield Law v Barnes: Court of Appeal confirms certainty requirement for contentious business agreements

Hourly-rate retainers that leave clients unable to calculate their exposure do not qualify as contentious business agreements, the Court of Appeal has ruled.

B v B: High Court declines marital status declaration where customary Cameroonian marriage gives rise to void marriage under English law

A fictitious identity, disputed ceremonies and a Cameroonian customary marriage were at the heart of a complex Family Division ruling handed down on 3 June...

New funerary methods receive legal framework

People in England and Wales are set to gain new body disposal options after a Law Commission report, published today, recommends a legal framework for...

Law firms warn about AI reliance

A rise in clients using AI for legal advice raises concerns about accuracy and liability risks

Greenpeace challenges Energy Transfer's bullying tactics

Greenpeace International has made significant progress in its anti-SLAPP lawsuit against Energy Transfer, ensuring accountability for unlawful actions

O'Sullivan v Trading 212: County court delivers stark warning on proportionality as claimant ordered to pay £96,350 in costs

A share trading dispute worth approximately £5,000 has generated over half a million pounds in combined legal costs, prompting a rare and pointed judicial rebuke.

Krugersdorp attack: a breach of POPIA

Nadine Mather reviews an alleged breach of victims' personal information in South Africa following an attack by armed men

New Director of Strategy appointed by LSB

SFO director outlines anti-corruption strategy

South West Water admits to pollution charges

Broadfield Law v Barnes: Court of Appeal confirms certainty requirement for contentious business agreements

B v B: High Court declines marital status declaration where customary Cameroonian marriage gives rise to void marriage under English law

New funerary methods receive legal framework

Law firms warn about AI reliance

Greenpeace challenges Energy Transfer's bullying tactics

O'Sullivan v Trading 212: County court delivers stark warning on proportionality as claimant ordered to pay £96,350 in costs

Association of Independent Meat Suppliers v Food Standards Agency: High Court quashes slaughterhouse inspection charges

Tanner Courrier v HKA Global: English court upholds service out despite Delaware disclosure failure

Rosina Davis v SSHD: High Court rules on lawfulness of Heathrow airport detention

CMA improves publisher rights in UK

SJ Interview: Paul Marco

When the rules can't keep up