Krugersdorp attack: a breach of POPIA

4 Oct 2022International

Nadine Mather reviews an alleged breach of victims' personal information in South Africa following an attack by armed men

In South Africa, the Information Regulator based in Johannesburg released a statement which declared it will pursue an assessment into an alleged violation of the Protection of Personal Information Act (POPIA) by figures of the South African Police Service (SAPS). This came after the release of sensitive personal details of the victims of an attack in Krugersdorp.

In late July, eight women were gang raped and robbed by a group of armed men, while shooting a music video at a mine dump in West Village near Krugersdorp. Soon after, the Information Regulator noticed a list of personal details of the victims had been leaked to the public. The Information Regulator has, therefore, opted to pursue and conduct a review of the SAPS’ measures to safeguard victims’ personal information, which could lead to further enforcement proceedings in South Africa.

As a result of this alleged breach, the victims’ personal details have become shared publicly and widely across multiple media platforms. The Information Regulator had subsequently issued a condemnation of this, describing it as an act of re-victimisation and a violation of the victims’ right to privacy and human dignity.

POPIA: key information

For the purposes of POPIA, ‘personal information’ is information relating to an identifiable, living natural person, and where applicable, an existing juristic person. It includes information relating to an individual’s race, gender or age, an individual’s health or sex life, and an individual’s name if it appears with other personal information.

POPIA regulates the processing (i.e. collection, dissemination, sharing etc.) of personal information. POPIA will not, however, apply to the processing of personal information by or on behalf of a public body (such as SAPS) for purposes of investigating or proving offences or for the prosecution of offenders. This is provided adequate safeguards have been established in legislation for the protection of such personal information. In this regard, the South African Police Service Act requires appropriate safeguards to be established and maintained in respect of, inter alia, databases containing fingerprints, body-prints and photographic images and DNA evidence.

In the absence of legislation providing for adequate safeguards in respect of the list of personal details of the victims, SAPS has an obligation to comply with the conditions for lawful processing under POPIA, including the obligation to implement appropriate and reasonable measures to secure the integrity and confidentiality of personal information it has in its possession and to prevent unlawful access to the personal information.

POPIA will also not apply to the processing of personal information solely done for the purpose of journalistic, literary or artistic expression, to the extent that it is necessary to, as a matter of public interest, reconcile the right to privacy with the right to freedom of expression. Accordingly, news agencies may publish stories relating to, for example, incidents of rape or crimes being committed, which stories may contain limited personal information.

Victims’ rights

In terms of POPIA, the victims have the right to have their personal information processed in accordance with the provisions of POPIA. This includes the right to be notified when their personal information has been accessed or acquired by an unauthorised person (such as where the list of their personal details is being shared by persons on various media platforms).

As a result of an alleged breach of these rights, the victims may submit a complaint to the Information Regulator or institute civil proceedings for damages against SAPS regarding the alleged interference with their personal information. The Information Regulator may also, on its own accord, conduct an assessment or investigation relating to an alleged breach of the provisions of POPIA.

Following the assessment in the present matter, the Information Regulator will be required to issue a report to SAPS on the result of the assessment and any recommendations, which report will be deemed to be equivalent to an enforcement notice. In addition, any persons distributing the list of personal details on media platforms may similarly be subject to enforcement proceedings by the Information Regulator. A failure to comply may result in punitive action, including the imposition of fines and/or imprisonment.

Nadine Mather is a partner at Bowmans South Africa bowmanslaw.com

Legal News desk contact: editorial@solicitorsjournal.com

Preparing for the Great Wealth transfer

As wealth passes between generations, early planning and cross-generational engagement are becoming critical to effective estate administration.

Lawyers highlight issues with new FRCs

The extended fixed recoverable costs system raises significant issues for injured individuals and legal practitioners

Deceit, awareness and the Ivanishvili decision

The Privy Council clarifies the level of awareness required for reliance in deceit, rejecting the Marme “contemporaneous consciousness” gloss

DCB Legal achieves landmark court decision

DCB Legal has set a new precedent at the High Court, securing a favourable outcome for a client involved in commercial property litigation.

Nick Ephgrave’s SFO: reform, results and uncertainty

Nick Ephgrave’s surprise departure prompts reflection on his reforms, achievements and what lies ahead for the Serious Fraud Office

Attorney General to address sub judice inquiry

The Procedure Committee will hear from Lord Hermer on the implications of the sub judice rule in Parliament

Free access for crime victims now

Victims of crime in the Crown Court will gain free access to judges’ sentencing remarks

Lord Reed announces retirement from court

Lord Reed of Allermuir, President of the UK Supreme Court, has announced plans to retire in 2027

Audrey Ludwig honoured with MBE award

Audrey Ludwig, a solicitor and charity trustee, received an MBE for her dedication to legal aid in Suffolk

Howard League for Penal Reform v Secretary of State for Justice: High Court upholds PAVA deployment decision

Judicial review challenges deployment of incapacitant spray in Young Offender Institutions dismissed.

Pal v Accenture: EAT clarifies Polkey reductions and disability discrimination assessment

EAT examines unfair dismissal, Polkey principles, and disability discrimination in performance management cases.

Christopher Isaac Singh v Dr Prakashbhan Persad: Consultant obstetrician's duty to monitor foetal heart rate

Failure to ensure monitoring during emergency caesarean section constitutes medical negligence.

Resolving contested estates in the Court of Protection

As Baby Boomer wealth transfers accelerate, the Court of Protection is increasingly used to resolve inheritance disputes during lifetime

R (JSC) v Cambridgeshire County Council: High Court grants declaration for systemic SEND failures

Delays in EHC assessments breached statutory duties despite eventual completion

Município de Mariana v BHP Group: High Court awards £43m costs following liability victory

Brazilian claimants secure substantial interim costs order in dam collapse litigation

SJ Interview: Joelle Grogan

Dr Joelle Grogan is a legal scholar specialising in the rule of law in times of crisis. She presents The Law Show on BBC Radio 4, and is Co-Academic Director of the Rule of Law Clinic at the CEU Democracy Institute (Budapest), and a Senior Research Fellow at the UCD Sutherland School of Law. Her work focuses on constitutional accountability, emergency powers, and legal misinformation. In this interview, she examines the pressures facing the rule of law in the UK, from executive power and court delays to media narratives, emergencies, and the impact of AI on legal practice.

Justice reform risks targeting the wrong fix

As 2026 approaches, ministers eye jury trials while ignoring deeper causes of England’s criminal justice crisis