Latest news with #auditorGeneral
Mail & Guardian
28-05-2025
- General
- Mail & Guardian
Digital trust at risk: Are municipalities able to protect our personal data?
South African Local Government Association submission to parliament admitted that only 28% of municipalities had implemented minimum Protection of Personal Information Act compliance requirements by mid-2023. Photo: Reuters In today's hyper-connected world, local governments aren't just responsible for water, roads and waste — they are also custodians of our most personal and sensitive data. As South Africa steadily digitises its service delivery platforms, municipalities have become major collectors and processors of residents' information. From housing applications to prepaid electricity registrations, personal data flows through local government systems every day. The passing and enforcement of the Popia applies to all public and private bodies — including municipalities. It requires responsible parties to collect only the data they need, use it only for the purpose stated and take reasonable steps to protect it from unauthorised access. Crucially, it also obliges them to report data breaches to the The Information Regulator's 2022 annual report noted that compliance across the public sector remains patchy. Many municipalities failed to register their information officers or submit the required documentation. There is limited evidence of breach reporting and public awareness campaigns are virtually absent at the local government level. The More alarmingly, the auditor general notes that many municipalities had 'no credible IT governance structures', leaving them vulnerable to both internal and external breaches. This poses a direct risk to compliance with Popia's security safeguards clause (section 19), which mandates entities to secure data against loss, damage and unauthorised access. The consequences are not abstract. In 2021, the In both cases, communication to affected parties was limited and neither municipality has provided clarity on their data protection protocols or compliance reviews. These are not isolated incidents. A 2022 cybersecurity report by Municipalities are not just under cyber threat — they are under governance threat. A In one notable example, personal information submitted for food parcel relief during the Covid-19 lockdown in Buffalo City was allegedly used for partisan mobilisation in ward elections — a blatant violation of Popia's purpose limitation principle. This misuse of data is often enabled by a lack of internal policies, poor record-keeping and outsourcing arrangements with third-party service providers who are not subject to municipal oversight. The To be Popia-ready, municipalities need a dedicated information officer trained in privacy compliance; an up-to-date Promotion of Access to Information Act manual available to the public; internal records of data processing activities; regular staff training on personal information handling; secure information and communication technology infrastructure with role-based access controls and clear protocols for breach notification, impact assessments and data subject requests. Few municipalities have all (or any) of these. A recent South African Local Government Association submission to parliament admitted that only The Information Regulator has been proactive, within its means — issuing enforcement notices, conducting awareness sessions and launching registration portals for information officers. But with fewer than 200 staff, it cannot monitor more than 200 municipalities in real time. In 2023, it prioritised meetings with metros and provincial departments, but local municipalities — especially rural and under-resourced ones — have largely been left to self-regulate. The regulator's enforcement powers under section 92 of Popia allow it to impose administrative fines of up to R10 million — but only after investigations. To date, no municipality has been fined for non-compliance. The real pressure will probably come from citizens themselves — if they are aware of their rights. Part of readiness is public education. Citizens must be informed that they have rights under Popia, including the right to request access to personal data held by a municipality; the right to request correction or deletion of inaccurate data; the right to object to certain types of processing; and the right to be notified of data breaches that affect them. Municipalities must develop user-friendly systems to enable these rights — not just legal notices buried on websites, but walk-in help desks, call centre scripts and translated materials. They must also report transparently on how data is used in service delivery — from digital billing systems to smart meter rollouts. There are five actionable steps municipalities can take to improve Popia readiness: prioritise appointment and training of information officers in every ward office; integrate Popia into municipal governance frameworks, including supply-chain management, human resources and monitoring and evaluation; audit current ICT infrastructure for vulnerabilities and align with Popia's section 19 safeguards; partner with academic institutions and digital rights NGOs to build capacity and monitor compliance and publish annual privacy reports detailing data collected, requests processed, breaches encountered and corrective measures taken. Popia is more than a compliance checklist, it is a tool for restoring trust in governance. People deserve to know that the information they share with their municipality will not be leaked, sold, weaponised or forgotten in unsecured folders. If municipalities want to modernise and lead in digital transformation, they must also commit to digital responsibility. Being Popia-ready isn't just about avoiding fines, it's about recognising that privacy, dignity and service delivery are fundamentally linked. As we look to build smart cities and more efficient service platforms, let's make sure our municipalities are not only digitally capable — but also ethically prepared. Dr Lesedi Senamele Matlala is a public policy and digital governance lecturer at the University of Johannesburg, at the School of Public Management, Governance and Public Policy.
CBC
23-05-2025
- Business
- CBC
Why Health P.E.I. is filling some of its most senior jobs with interim employees, and what it costs
Health P.E.I. CEO Melanie Fraser says she had no choice but to bring people in to work in executive roles using private employment agencies. That's because the authority had to "to terminate or end the contracts" for a number of senior managers following a damning auditor general's report last October. CBC's Wayne Thibodeau explains what it's costing.
CBC
22-05-2025
- Health
- CBC
Half of Quebecers don't have access to first responder services: auditor general report
Despite calls for improvements, a Quebec auditor general report says 45 per cent of high-priority calls in these municipalities have an ambulance response time of more than 10 minutes.
CTV News
07-05-2025
- Politics
- CTV News
Whistleblower dismissed: Quebec Liberals suspect political pressure
Quebec Liberal Party interim Leader Marc Tanguay questions the government on the SAAQ and the report from the auditor general, at the legislature in Quebec City, Thursday, February 20, 2025 (Jacques Boissinot/The Canadian Press) (Jacques Boissinot/The Canadian Press)
