Why Experian handed over 24m people’s data to a crook
The Popi Act finally has real teeth to protect people’s data — but delays mean SA’s two biggest cyberattacks will go unpunished
The most astounding thing about the Experian security breach of 24-million South Africans’ personal data is not that the credit agency willingly gave the information to a "fraudster", but that Experian will escape unpunished because of years-long delays in finalising legislation.The Protection of Personal Information (Popi) Act only came into effect in July this year and gives companies until next July to comply with regulations.That means the 24-million consumers and 800,000 businesses whose data was handed to a "fraudster" by Experian have no recourse. Similarly, the so-called Master Deeds data breach — where an estimated 60-million South Africans’ details were exposed in 2018 — also won’t be penalised.The Popi Act now finally has some real teeth to protect people’s data. If it had been immediately applicable, Experian could have been fined as much as R10m, while its directors could have been jailed for as long as 10 years.Experian says the breach happened because of a "fraudulent...
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.
Subscribe now to unlock this article.
Support BusinessLIVE’s award-winning journalism for R129 per month (digital access only).
There’s never been a more important time to support independent journalism in SA. Our subscription packages now offer an ad-free experience for readers.
Cancel anytime.
Questions? Email helpdesk@businesslive.co.za or call 0860 52 52 00. Got a subscription voucher? Redeem it now.