South Africa’s Information Regulator has issued a summons to the South African Police Service (SAPS) on details related to the release of personal information of the Krugersdorp rape victims by the SAPS.
According to the regulator, following the Krugersdorp incident where 8 women were gang raped, it was made aware that the victims’ personal information, including their names, ages, home addresses and the nature of the violations against the victims, had been shared via WhatsApp, after being allegedly leaked by SAPS officials.
The regulator states that the leakage and sharing of personal information constitute interference, by the SAPS, with the protection of personal information of data subjects (the victims).
In order to fully conclude that the SAPS did indeed interfere with the protection of personal information of the data subjects, the regulator issued a notice to the SAPS demanding that it reports back to the regulator with certain information, including the purpose for drafting the WhatsApp message, and the identity of those individuals to whom the WhatsApp message was sent.
The regulator also demanded information regarding the date/s on which the message was circulated to the recipients and the time and date when the WhatsApp message was circulated beyond the group it was intended for. Additionally, the regulator demanded to know who circulated the message beyond the original group for whom the message was intended.
The regulator further stated that in order to conduct a thorough investigation, the SAPS must confirm if the message was circulated in any other format or platform besides WhatsApp.
It also stated that the SAPS should provide it with a report by the Information Officer of SAPS recording that the processing of the victims’ identities was in compliance with the processing conditions of the Protection of Personal Information Act (POPIA) and a report on SAPS’ investigation into the circulation of the personal information of the victims.
The Information Regulator stated that it had requested the SAPS to provide it with this information by August 15, 2022. The SAPS requested an extension which was granted to August 24, 2022. However, on August 24, 2022, the SAPS furnished the regulator with incomplete information, indicating that it could only provide further information once it finalised the investigation but not indicating when they anticipate the investigation will be finalised.
The Regulator found the SAPS’s response to have been inadequate and decided to issue a summons for the information demanded.
“We do not take kindly to the non-responsiveness or inadequate responses to issued Information Notices by responsible parties, because this interferes with the regulator’s ability to conduct investigations into reported matters or those initiated by us. This has a serious inditement [sic] for the Regulator to provide necessary recourse to the victims of whom the right to privacy was possibly violated,” said Adv Pansy Tlakula, chairperson of the regulator.