, and others that don’t usually grab headlines. In some cases, the personal information of consumers was exposed.
No fines or other sanctions were imposed against companies that suffered data breaches, with the regulator saying during a press briefing on Wednesday that Popia is still new in South Africa. The information regulator’s chair, Pansy Tlakula, says her office prefers to engage with errant companies and allow them to remedy a suspected data breach before imposing fines.
After all, the regulator’s funding from the government is limited and it doesn’t have extensive human resources. The regular is expected to function optimally this year with approved funding of R100-million from the government, five members — two of whom serve on a part-time basis — and about 90 support staff.
Similar information regulators in the UK and US usually have more than 20 members and hundreds of support staff, and extensive budgets that allow them to take on multinational corporations. Tlakula recently toldby the government and needed more resources to hire individuals with forensic investigative, IT and communications skills. The latter skills are needed to inform and educate the public about the regulator’s mandate and Popia compliance.
Beyond data breaches, Tlakula’s office also monitors call centres and telemarketing groups that often use irregular means to access people’s contact details to sell them products. On this pernicious behaviour, the information regulator has received more than 700 complaints from the public since last July that it is still investigating.