Nomzamo Zondi, Information Regulator

It’s taken a while, but, in July, South Africa’s Information Regulator finally issued its first fine for transgressing the Protection of Personal Information Act (PoPIA). But while the fines have been issued, the regulatory body is still building its enforcement teams, and can only deal with the most pressing cases.

The first fine, to the tune of R5 million, was levelled at the Department of Justice and Constitutional Development, the department under which the Information Regulator falls. The department fell victim to a ransomware attack in 2021, but it was its failure to comply with an enforcement notice dating from May 9 this year that earned it the fine.