South Africa's Information Regulator, the office tasked with handling all matters relating to data collection and privacy as per the country's Protection of Personal Information Act (POPIA), is under pressure to take action with regards to South Africa's largest ever personal data leak. This comes after the Right2Know Campaign (R2K) wrote an open letter to the Information Regulator.

R2K is a South African civil rights movement that focuses on issues relating to freedom of expression and access to information.

"Although the vision for establishing the Information Regulator is laudable, we are concerned that delays in fully establishing and capacitating the Information Regulator are placing our hard won democracy in jeopardy. As an example, on 19 October 2017 the R2K Campaign complained to the Information Regulator about the Master deeds Data Breach and we never received any written confirmation of receipt, let alone a finding on our complaint," said R2K in the open letter.

The "Master Deeds Data Breach", as R2K refer to it, relates to the revelation by Australian information security researcher, Troy Hunt, that he had "started looking into a large database backup file which turned out to contain the personal data of a significant portion of the South African population" during October 2017. To date, no further details or investigations have been made public by the Information Regulattor or any other South African authorities with regards to the leak which saw 60 million records, including national ID numbers, of 60 million South Africans leaked publicly on the Internet.

"We are moreover, surprised at the sheer silence of the Information Regulator on issues involving personal information that we have seen in the country in the last year, such as the common practice by political parties to send unsolicited messages to people’s personal phones even though those people are not members of the party concerned and have not consented to their details being used in this way," said R2K.

One of those issues involving personal information of South Africans and privacy is the Facebook personal data of 59,777 South Africans which was potentially harvested by Cambridge Analytica during the recent saga involving Facebook. Although POPIA is meant to prevent and punish transgressors of data privacy laws, it has not been implemented and we are yet to hear the Information Regulator in South Africa come out publicly shedding light on all the data privacy incidents involving South Africans personal data.

Cover Image Credit: Phukubje Pierce Masithela Attorneys.