The Information Regulator ('the Regulator') announced, on 29 August 2022, that it had issued a summons to the South African Police Service ('SAPS'), following failure to provide details related to the release of personal information of Krugersdorp victims by 24 August 2022. In particular, the Regulator outlined that personal information of the victims, including names, ages, home addresses, and the nature of the violations against them, had been shared via the WhatsApp application, allegedly leaked by SAPS officials.

More specifically, the Regulator had required the SAPS to confirm if the message was circulated via any other format and to provide a report by the Information Officer of the SAPS recording that the processing of the victims' identities was in compliance with the conditions for processing under the Protection of Personal Information Act, 2013 (Act 4 of 2013) ('POPIA') and a report on the SAPS' investigation into the incident.

In response, the Regulator stated that the SAPS had provided, on 24 August 2022, information on one of the requested areas, noting that once it had finalised its investigation it could provide further information. Consequently, the Regulator determined the SAPS response to be inadequate, and issued a summons for the remaining information.

You can read the press release here.