Latest news with #Popia
Mail & Guardian
28-05-2025
- General
- Mail & Guardian
Digital trust at risk: Are municipalities able to protect our personal data?
South African Local Government Association submission to parliament admitted that only 28% of municipalities had implemented minimum Protection of Personal Information Act compliance requirements by mid-2023. Photo: Reuters In today's hyper-connected world, local governments aren't just responsible for water, roads and waste — they are also custodians of our most personal and sensitive data. As South Africa steadily digitises its service delivery platforms, municipalities have become major collectors and processors of residents' information. From housing applications to prepaid electricity registrations, personal data flows through local government systems every day. The passing and enforcement of the Popia applies to all public and private bodies — including municipalities. It requires responsible parties to collect only the data they need, use it only for the purpose stated and take reasonable steps to protect it from unauthorised access. Crucially, it also obliges them to report data breaches to the The Information Regulator's 2022 annual report noted that compliance across the public sector remains patchy. Many municipalities failed to register their information officers or submit the required documentation. There is limited evidence of breach reporting and public awareness campaigns are virtually absent at the local government level. The More alarmingly, the auditor general notes that many municipalities had 'no credible IT governance structures', leaving them vulnerable to both internal and external breaches. This poses a direct risk to compliance with Popia's security safeguards clause (section 19), which mandates entities to secure data against loss, damage and unauthorised access. The consequences are not abstract. In 2021, the In both cases, communication to affected parties was limited and neither municipality has provided clarity on their data protection protocols or compliance reviews. These are not isolated incidents. A 2022 cybersecurity report by Municipalities are not just under cyber threat — they are under governance threat. A In one notable example, personal information submitted for food parcel relief during the Covid-19 lockdown in Buffalo City was allegedly used for partisan mobilisation in ward elections — a blatant violation of Popia's purpose limitation principle. This misuse of data is often enabled by a lack of internal policies, poor record-keeping and outsourcing arrangements with third-party service providers who are not subject to municipal oversight. The To be Popia-ready, municipalities need a dedicated information officer trained in privacy compliance; an up-to-date Promotion of Access to Information Act manual available to the public; internal records of data processing activities; regular staff training on personal information handling; secure information and communication technology infrastructure with role-based access controls and clear protocols for breach notification, impact assessments and data subject requests. Few municipalities have all (or any) of these. A recent South African Local Government Association submission to parliament admitted that only The Information Regulator has been proactive, within its means — issuing enforcement notices, conducting awareness sessions and launching registration portals for information officers. But with fewer than 200 staff, it cannot monitor more than 200 municipalities in real time. In 2023, it prioritised meetings with metros and provincial departments, but local municipalities — especially rural and under-resourced ones — have largely been left to self-regulate. The regulator's enforcement powers under section 92 of Popia allow it to impose administrative fines of up to R10 million — but only after investigations. To date, no municipality has been fined for non-compliance. The real pressure will probably come from citizens themselves — if they are aware of their rights. Part of readiness is public education. Citizens must be informed that they have rights under Popia, including the right to request access to personal data held by a municipality; the right to request correction or deletion of inaccurate data; the right to object to certain types of processing; and the right to be notified of data breaches that affect them. Municipalities must develop user-friendly systems to enable these rights — not just legal notices buried on websites, but walk-in help desks, call centre scripts and translated materials. They must also report transparently on how data is used in service delivery — from digital billing systems to smart meter rollouts. There are five actionable steps municipalities can take to improve Popia readiness: prioritise appointment and training of information officers in every ward office; integrate Popia into municipal governance frameworks, including supply-chain management, human resources and monitoring and evaluation; audit current ICT infrastructure for vulnerabilities and align with Popia's section 19 safeguards; partner with academic institutions and digital rights NGOs to build capacity and monitor compliance and publish annual privacy reports detailing data collected, requests processed, breaches encountered and corrective measures taken. Popia is more than a compliance checklist, it is a tool for restoring trust in governance. People deserve to know that the information they share with their municipality will not be leaked, sold, weaponised or forgotten in unsecured folders. If municipalities want to modernise and lead in digital transformation, they must also commit to digital responsibility. Being Popia-ready isn't just about avoiding fines, it's about recognising that privacy, dignity and service delivery are fundamentally linked. As we look to build smart cities and more efficient service platforms, let's make sure our municipalities are not only digitally capable — but also ethically prepared. Dr Lesedi Senamele Matlala is a public policy and digital governance lecturer at the University of Johannesburg, at the School of Public Management, Governance and Public Policy.
The Citizen
14-05-2025
- Health
- The Citizen
Has correctional services kept an eye on Schabir Shaik's 'terminal' illness?
The Correctional Services Minister would not reveal the identities of the doctors who diagnosed and approved Schabir Shaik's release. Schabir Shaik outside a shop on 25 July 2012 in Durban. Picture: Gallo Images / Franco Megannon The Department of Correctional Services has revealed extremely limited information about the monitoring of convicted fraudster Schabir Shaik's health since his controversial medical parole release in 2009. Minister of Correctional Services Dr. Pieter Groenewald recently responded to questions from the DA's Michele Clarke regarding the oversight of Shaik's medical condition. Details of Schabir Shaik's doctors protected When asked about the medical professionals who diagnosed and approved Shaik's release, Groenewald cited privacy regulations as a barrier to disclosure. 'The names of the doctors should be requested in line with the Protection of Personal Information Act (Popia), 04 of 2013,' Groenewald stated. He applied the same privacy restriction to questions about their qualifications and employment positions. While declining to reveal the identities of individual medical professionals, the minister confirmed that the Durban Correctional Supervision and Parole Board approved Shaik's release. Regarding Shaik's specific medical diagnosis, Groenewald emphasised confidentiality requirements. 'In terms of ethical and legal requirements, patient information must be kept confidential, thus ensuring maintenance of professional secrecy,' he stated. ALSO READ: Groenewald confirms foreigners with life sentences were paroled… and deported No ongoing health monitoring required The minister clarified that the department has no obligation to monitor the health of parolees released on medical grounds. 'The department did a medical assessment on the parolee before he was released on medical parole. 'There is no provision by DCS Medical Parole Policy for reassessment of any parolee,' Groenewald explained. He added that Shaik 'was consulting his own medical doctor and psychologist' and that he had complied with his parole conditions, including 'house arrest, office consultation, social work programmes and was monitored as per policy'. The department also does not provide ongoing medical treatment to those released on medical parole. 'Offenders placed on medical parole are provided with referral letters for continuity of care in the community,' added the minister. ALSO READ: Confirmed: How many inmates were granted parole – and how many were sent back to prison Schabir Shaik's controversial release Shaik, who had close ties to former president Jacob Zuma, was convicted of fraud and corruption in 2005 and sentenced to 15 years in prison. His release on medical parole in 2009 came after serving just two years and four months of his sentence, as he was deemed 'terminally ill' at the time. The circumstances surrounding his parole were widely criticised as unlawful, eventually leading to amendments to section 79 of the Correctional Services Act to strengthen the requirements for medical parole. Shaik's sentence officially expired in January 2020, making him a free man. He has since become a member of the uMkhonto weSizwe (MK) party, led by Zuma. NOW READ: WATCH: Zondo questions Zuma's release from prison on medical parole
