The Information Regulator says it appears the public sector is more reluctant to comply with personal information regulations as the South African Police Service (SAPS) is in trouble again for breaking the Protection of Personal Information Act (Popia).

In a briefing on Tuesday, the regulator revealed a list of organisations and companies investigated for breaking public information laws, while others are currently being investigated.

At least 982 complaints were lodged with the regulator in the 2023/24 financial year, with 682 resolved. Ten assessments were completed and are ready for finalisation through the issuing of enforcement notices.

This includes the SAPS, which was initially handed an enforcement notice for distributing personal information of sexual assault victims. The police were found guilty of leaking the names of eight women who were allegedly raped while shooting a music video in Krugersdorp last year.

Information Regulator chairperson advocate Pansy Tlakula said they ordered SAPS to, among other things, investigate the circumstances that led to the security compromise.

“That investigation must specify the measures the SAPS has taken to ensure this incident or any incident of similar nature does not recur. SAPS has complied with the enforcement notice, and the matter is closed,” she said.

However, the SAPS got into trouble yet again for breaching the legislation. Tlakula said officers released personal information on WhatsApp regarding investigations into the deaths of businessman Jabulani Ben Gumbi and police officer Capt Ernest Dambuza last year.

These include sensitive crime scene reports and other personal information such as car registration numbers and home addresses of those involved in the investigation. That information was circulated on WhatsApp.

“The regulator is considering measures to be taken against SAPS for this continued transgression of Popia requirements.”

New to the list of new investigations is the Electoral Commission of South Africa (IEC), which alerted the regulator about the recent leak of candidate lists for the national and provincial elections.

The regulator opted for a full assessment of the security compromise at the IEC.

The regulator’s executive for Popia advocate Tshepo Boikanyo said the probe should be completed before the elections, pending responses from the IEC.

He said a preliminary assessment was done immediately after receiving a notice from the IEC.

“We have duly notified the IEC that we have decided to conduct a full assessment. We are at the very advanced stage with regards to putting together the report. We are just awaiting information from the IEC.

“In the next three weeks at most, we will be ready with the report to be tabled to members, and they will do determinations, which is equivalent to an enforcement notice. We anticipate this matter will be finalised before the elections,” he said.

Tlakula said the regulator was willing to train organisations in complying with Popia and the Promotion of Access to Information Act (Paia), as both legislation were complex and fairly new.

“From where we are sitting, the private sector seems more eager to comply than the public sector ... As far as the public sector is concerned, the SAPS complied with our enforcement notice, but immediately thereafter there was a similar complaint which begs the question, are they really up to complying with the legislation?”

The regulator investigates complaints, which can be lodged by any person or the regulator’s own initiative, and assesses compliance with the Popia before an enforcement notice is issued.

The enforcement notice has the same effect as a court order and failure to comply is deemed an offence.

Where there is noncompliance with the enforcement notice, the regulator can issue an infringement notice which carries a penalty of imprisonment or a fine of up to R10m.

TimesLIVE