Cape Town - The information regulator has told the Department of Justice and Constitutional Development that it has 30 days from Monday this week, to pay a R5 million fine for contravening various sections of the Protection of Personal Information Act (Popia).
The fine, accompanied by an infringement notice, comes after the department failed to comply with a 31-day enforcement notice issued by the regulator on May 9.
The matter is related to a cyberattack on the department’s IT systems in September last year which led to all electronic services provided by the department, including the regulator’s website, being temporarily unavailable for days.
An investigation at the time found that the problem had been caused by expired IT security licences.
In the proceedings against the department, the regulator had asked for proof that the licences had been renewed and disciplinary action taken against officials responsible for the failure to renew the licences.
Yesterday, regulator chairperson Pansy Tlakula said that if the department failed to abide by the enforcement notice within the stipulated time frame, it would be guilty of an offence.
“In such a case, the regulator may impose an administrative fine in the amount not exceeding R10m, or liable upon conviction to a fine or to imprisonment of the responsible officials.”
Tlakula said the department still needed to provide her with a report on the implementation of the actions required in the enforcement notice or any other communication in that regard.
She said the department had also failed to exercise its right to appeal the enforcement notice and that given this lack of compliance she had issued an administrative fine of R5m to the department.
The department had yet to respond to queries about what action it intended to take, if any, at the time of going to press.
The regulator, which is overseen by the department, was set up in 2016 to monitor and enforce compliance by public and private bodies with the provisions of Popia, among other things.