The most astounding thing about the Experian security breach of 24-million South Africans’ personal data is not that the credit agency willingly gave the information to a "fraudster", but that Experian will escape unpunished because of years-long delays in finalising legislation.The Protection of Personal Information (Popi) Act only came into effect in July this year and gives companies until next July to comply with regulations.That means the 24-million consumers and 800,000 businesses whose data was handed to a "fraudster" by Experian have no recourse. Similarly, the so-called Master Deeds data breach — where an estimated 60-million South Africans’ details were exposed in 2018 — also won’t be penalised.The Popi Act now finally has some real teeth to protect people’s data. If it had been immediately applicable, Experian could have been fined as much as R10m, while its directors could have been jailed for as long as 10 years.Experian says the breach happened because of a "fraudulent...

BL Premium

This article is reserved for our subscribers.

A subscription helps you enjoy the best of our business content every day along with benefits such as exclusive Financial Times articles, ProfileData financial data, and digital access to the Sunday Times and Times Select.

Already subscribed? Simply sign in below.



Questions or problems? Email helpdesk@businesslive.co.za or call 0860 52 52 00. Got a subscription voucher? Redeem it now