In 2016, 6 million Ster-Kinekor customers’ details were leaked in a website flaw while the eThekwini Municipality’s e-services allowed access to 98 000 Durban residents’ details.
In 2017, enriched data of 50 million South Africans from Dracore Data Sciences were sold and leaked. In 2018, a flaw in Viewfines, an online traffic ticket payment system, leaked 900 000 users’ details.
That same year, Facebook, through the Cambridge Analytica scandal, leaked 59 000 users’ personal information. And just last year, personal data of 24 million South Africans and more than 700 000 businesses was breached through Experian, a credit bureau.
This is but a sample of the litany of leaks, hacks and breaches of personal information and data that have occurred in South Africa recently.
There are also the hacks of WhatsApp in 2019 by an “intelligence” firm; the financial services giant Liberty breach of 2018 and the insurance firm Momentum’s last year.
There were hacks of the presidency’s websites and the public broadcaster SABC, although, apparently, no data was compromised.
If there is anything the digital era – or error if you feel some type of way – has patently exposed to us, it is that your personal data will be breached at some point. Privacy and data breaches occur at almost every firm.
What is your most precious data? Is it your cell number, email address, ID number, messages, car number plate, location data, IP and home addresses, device information, passwords, bank details or credit card information?
All these data points have been compromised at some point in South Africa and, despite owners, or the “protectors” of these compromised data trying to convince clients that they are secure, they cannot guarantee it 100%. Only you, dear reader, can protect your privacy and data to your comfort level.
The Protection of Personal Information Act aims to mitigate some of the risks associated with data collection and how it is used, and will also impose punitive measures for leaks, breaches and hacks.
Unfortunately, companies have until July 1 to comply, which leaves a lot of room for risk.
At a security expo three years ago, the stand-out theme was the ease and legitimacy with which security and intelligence companies, which claim to protect you, can infect your devices.
Many of these companies produce software and hardware that can surveil people and their devices, which in itself does not break the law, mainly because there aren’t any regulation laws.
But, asked about these capabilities, the firms’ responses are: “Yes, it can do this and that but ... ”
There’s often some platitude on how ordinary citizens, even government and businesses, “want” security from criminal elements while touting the greater good.
The point is, total privacy is an illusion that keeps being shoved down our throats to appease our collective outrage.
If you use any digital system, there is and will always be the possibility your most sensitive data will be compromised.
What we need now is not promises but action and consistent, calculated focus on what happens to companies, systems and those found to be using data maliciously.
This is not only a government or legislative issue, but a fundamental human rights crisis that requires action from you, dear reader, to use your voice so that policies and laws can protect “we, the people”. Individually, we also need to take charge of our data through a lifestyle change, with regular digital audits of our privacy settings.
And let’s read the small print before we accept any permissions needed on apps, websites and devices.
Technology and the systems that support it have provided humans with immeasurable gains and great power, but this should not blind us to the inherent deficiencies that exist as we strive for a better life.