Credit bureau Experian accidentally revealed personal details of about 24 million consumers and nearly 800,000 businesses to an anonymous individual who is now described as a fraudster.
This is known to be South Africa’s largest-ever data breach.
The Information Regulator has now been given a task to monitor compliance in order to avoid landing sensitive consumer information into the wrong hands.
However, the regulator has complained of having limited resources with little or no support.
In June, the additional provisions to the Protection of Personal Information Act (POPIA) have been put in place in June and will be effected in 2021. This will hand enforcement powers to the regulator which includes the ability to impose fines of over R10 million and also the liberty to go after criminal prosecution.
This new legislation is for the purpose of ensuring companies are confident of adequate security measures in their dealings with private information.
Advocate Pansy Tlakula said meetings have been held with Experian management a number of times and a contract has been awarded to a forensic analyst to take a look into the investigation to the company’s internal investigation of the breach.
