Regulator writes to Facebook over data breach
The Information Regulator has asked Facebook to contact all South Africans affected by the social network’s data breach, and to state what steps it is taking to ensure users’ data remains safe.
Facebook said last week that 59,777 Facebook users in SA were “potentially impacted” by the data breach via their friendships with 33 users of a personality quiz app.
The personal information of 87-million of the social media platform’s 2.2-billion users worldwide may have been wrongfully shared with Cambridge Analytica, the company has said.
SA’s Information Regulator, which was accused by the Right2Know Campaign on Monday of being a toothless organisation, said in a statement on Tuesday it had “decided to proactively and voluntarily engage Facebook with regards to the alleged data breach”.
The regulator had written to Facebook to establish the extent of the breach, what measures the firm was taking “to prevent further compromise”, and to request that Facebook inform affected users so they could “take proactive measures” against any consequences.
The Protection of Personal Information Act, SA’s data protection framework, required Facebook to secure users’ personal information, the regulator said. Anyone affected by the breach could lay a formal complaint, it added.
THE REGULATOR HAD WRITTEN TO FACEBOOK TO REQUEST THAT FACEBOOK INFORM AFFECTED USERS
World Wide Worx MD Arthur Goldstuck said the regulator was obliged to follow up on the matter, and it was likely to receive a “routine response” from Facebook.
Goldstuck said that despite dented trust, it was unlikely that many Facebook users in SA would leave the platform, which had about 19-million users in the country at last count.
Meanwhile, in an apparent response to Right2Know’s statement, the regulator said a task team was probing another data breach that occurred in 2017, in which the personal information of millions of South Africans was exposed.
The regulator said the South African Police Service, the National Prosecuting Authority, the Department of Rural Development, the National Credit Regulator and the Credit Bureau Association had agreed to form a task team “to ensure a multidisciplinary approach”.