Latest news with #InformationRegulator
News24
4 days ago
- Business
- News24
SA tech legal battles are exploding — our courts aren't built for this
Disputes over software failures, data breaches, and intellectual property rights are clogging courtrooms and arbitration panels. This litigation boom exposes a critical gap in South Africa's legal framework, argues Roger Wakefield of Werkmans Attorneys. South Africa's digital transformation is rewriting the rules of its economy, propelling the nation into a tech-driven future. With the IT market forecast to hit $24.5 billion by 2026, growing at a brisk 7.2% annually (Statista, 2024), industries from fintech to healthcare are reaping the rewards of innovation. Yet, this technological surge is spawning a less celebrated byproduct: a dramatic rise in IT-related litigation. As businesses lean on complex IT systems, disputes over software failures, data breaches, and intellectual property (IP) rights are clogging courtrooms and arbitration panels. This litigation boom exposes a critical gap in South Africa's legal framework, demanding a bold rethink of how the nation handles technology disputes. The stakes are colossal. In 2023, a major South African retailer sued a global software provider for R500 million after a botched enterprise resource planning (ERP) system crippled its operations. Such cases, rooted in poorly drafted contracts or unmet service-level agreements (SLAs), are becoming alarmingly common. Meanwhile, data breach lawsuits are skyrocketing, fueled by the Protection of Personal Information Act (POPIA) of 2014. The Information Regulator reported over 1 200 breach notifications in 2024 alone, with a high-profile bank facing a R1 billion class-action suit after a 2023 hack exposed 1.5 million customers' data. IP disputes are also surging, as seen in a 2022 case where a fintech startup battled a R100 million claim over alleged code theft. These cases aren't just legal skirmishes—they're existential threats to businesses navigating a digital economy. Why is IT litigation exploding? The answer lies in the complexity of modern technology and the inadequacy of current legal tools to address it. Unlike traditional commercial disputes, IT cases hinge on intricate technical evidence—think source code, system logs, or network configurations. Lawyers must translate this 'geek-speak' into arguments that resonate with judges, many of whom lack specialised tech training. South Africa's judicial system, while robust, isn't built for this. With no dedicated IT or IP courts, cases often languish in backlogs, some dragging on for over three years. The absence of tailored rules for emerging tech like artificial intelligence (AI) or blockchain only widens the gap. Contrast this with the construction industry, which has long benefitted from standardised contracts and dispute resolution mechanisms fine-tuned for its complexities. IT, despite sharing similar traits—long project timelines, technical intricacy, and high financial stakes—lacks such a framework. Software development contracts, for instance, are often vague, leaving room for disputes over scope, deliverables, or timelines. A 2023 arbitration case handled by Werksmans Attorneys underscored this: a medical scheme administrator faced a multi-million-rand claim for allegedly mimicking software functionality. The arbitrator ruled that functionality, unlike source code, isn't legally protectable—a nuance that highlights the need for clearer contractual terms. This isn't just a legal problem; it's a business one. IT disputes can derail projects, sink startups, or erode consumer trust. The 2024 dispute between a South African broadcaster and a U.S. tech firm over software licensing royalties showed how quickly disagreements can escalate, with millions in revenue hanging in the balance. Companies can't afford to treat IT contracts as afterthoughts. A well-crafted agreement isn't just paperwork—it's a shield against costly litigation and a blueprint for collaboration. Yet, too many firms skimp on legal rigor, only to pay dearly later. So, what's the fix? First, South Africa needs a specialised framework for IT disputes, akin to the construction industry's model. Standardised contracts, designed with input from tech and legal experts, could clarify expectations around IP ownership, licensing, and deliverables. Dispute resolution mechanisms, like fast-track arbitration tailored for tech cases, would prevent disputes from ballooning into existential threats. The popularity of alternative dispute resolution (ADR) is already growing—92% of global firms surveyed in 2024 favored international arbitration for tech disputes. South Africa should lean into this, incentivising mediation and arbitration to unclog courts. Secondly, the judiciary must evolve. Digitisation efforts like Court Online are a start, but they're not enough. Establishing specialised IT courts or training judges in tech fundamentals could bridge the knowledge gap. Other nations, like the UK with its Technology and Construction Court, offer a blueprint. Without such reforms, South Africa risks falling behind as a destination for tech investment. Finally, businesses must get proactive. Investing in robust contracts and compliance with laws like POPIA isn't optional—it's survival. Boards should demand tech-literate legal counsel, capable of spotting risks in software deals or cybersecurity protocols before they morph into lawsuits. The cost of prevention pales compared to the price of litigation, as the R1 billion bank case painfully illustrates. South Africa stands at a crossroads. Its IT sector is a powerhouse, driving growth and global relevance. But the litigation surge is a warning: without a legal system equipped for the digital age, this promise could falter. The nation needs more than patchwork fixes—it needs a paradigm shift. By embracing standardised contracts, specialised dispute resolution, and a tech-savvy judiciary, South Africa can turn its IT litigation challenge into a competitive edge. The alternative—sticking with an outdated legal playbook—risks stifling innovation and scaring off investors. As technology reshapes the nation, its legal system must keep pace, or the digital dream could become a litigious nightmare. Roger Wakefield is a director for litigation and dispute resolution at Werkmans Attorneys. News24 encourages freedom of speech and the expression of diverse views. The views of columnists published on News24 are therefore their own and do not necessarily represent the views of News24.
Mail & Guardian
28-05-2025
- General
- Mail & Guardian
Digital trust at risk: Are municipalities able to protect our personal data?
South African Local Government Association submission to parliament admitted that only 28% of municipalities had implemented minimum Protection of Personal Information Act compliance requirements by mid-2023. Photo: Reuters In today's hyper-connected world, local governments aren't just responsible for water, roads and waste — they are also custodians of our most personal and sensitive data. As South Africa steadily digitises its service delivery platforms, municipalities have become major collectors and processors of residents' information. From housing applications to prepaid electricity registrations, personal data flows through local government systems every day. The passing and enforcement of the Popia applies to all public and private bodies — including municipalities. It requires responsible parties to collect only the data they need, use it only for the purpose stated and take reasonable steps to protect it from unauthorised access. Crucially, it also obliges them to report data breaches to the The Information Regulator's 2022 annual report noted that compliance across the public sector remains patchy. Many municipalities failed to register their information officers or submit the required documentation. There is limited evidence of breach reporting and public awareness campaigns are virtually absent at the local government level. The More alarmingly, the auditor general notes that many municipalities had 'no credible IT governance structures', leaving them vulnerable to both internal and external breaches. This poses a direct risk to compliance with Popia's security safeguards clause (section 19), which mandates entities to secure data against loss, damage and unauthorised access. The consequences are not abstract. In 2021, the In both cases, communication to affected parties was limited and neither municipality has provided clarity on their data protection protocols or compliance reviews. These are not isolated incidents. A 2022 cybersecurity report by Municipalities are not just under cyber threat — they are under governance threat. A In one notable example, personal information submitted for food parcel relief during the Covid-19 lockdown in Buffalo City was allegedly used for partisan mobilisation in ward elections — a blatant violation of Popia's purpose limitation principle. This misuse of data is often enabled by a lack of internal policies, poor record-keeping and outsourcing arrangements with third-party service providers who are not subject to municipal oversight. The To be Popia-ready, municipalities need a dedicated information officer trained in privacy compliance; an up-to-date Promotion of Access to Information Act manual available to the public; internal records of data processing activities; regular staff training on personal information handling; secure information and communication technology infrastructure with role-based access controls and clear protocols for breach notification, impact assessments and data subject requests. Few municipalities have all (or any) of these. A recent South African Local Government Association submission to parliament admitted that only The Information Regulator has been proactive, within its means — issuing enforcement notices, conducting awareness sessions and launching registration portals for information officers. But with fewer than 200 staff, it cannot monitor more than 200 municipalities in real time. In 2023, it prioritised meetings with metros and provincial departments, but local municipalities — especially rural and under-resourced ones — have largely been left to self-regulate. The regulator's enforcement powers under section 92 of Popia allow it to impose administrative fines of up to R10 million — but only after investigations. To date, no municipality has been fined for non-compliance. The real pressure will probably come from citizens themselves — if they are aware of their rights. Part of readiness is public education. Citizens must be informed that they have rights under Popia, including the right to request access to personal data held by a municipality; the right to request correction or deletion of inaccurate data; the right to object to certain types of processing; and the right to be notified of data breaches that affect them. Municipalities must develop user-friendly systems to enable these rights — not just legal notices buried on websites, but walk-in help desks, call centre scripts and translated materials. They must also report transparently on how data is used in service delivery — from digital billing systems to smart meter rollouts. There are five actionable steps municipalities can take to improve Popia readiness: prioritise appointment and training of information officers in every ward office; integrate Popia into municipal governance frameworks, including supply-chain management, human resources and monitoring and evaluation; audit current ICT infrastructure for vulnerabilities and align with Popia's section 19 safeguards; partner with academic institutions and digital rights NGOs to build capacity and monitor compliance and publish annual privacy reports detailing data collected, requests processed, breaches encountered and corrective measures taken. Popia is more than a compliance checklist, it is a tool for restoring trust in governance. People deserve to know that the information they share with their municipality will not be leaked, sold, weaponised or forgotten in unsecured folders. If municipalities want to modernise and lead in digital transformation, they must also commit to digital responsibility. Being Popia-ready isn't just about avoiding fines, it's about recognising that privacy, dignity and service delivery are fundamentally linked. As we look to build smart cities and more efficient service platforms, let's make sure our municipalities are not only digitally capable — but also ethically prepared. Dr Lesedi Senamele Matlala is a public policy and digital governance lecturer at the University of Johannesburg, at the School of Public Management, Governance and Public Policy.
IOL News
15-05-2025
- Business
- IOL News
Over 150 NHBRC employees face lifestyle audits
Following a direction from the previous Human Settlements minister, Mmamoloko Kubayi, to all departmental entities, the lifestyle audits began at the National Home Builders Registration Council in 2024, according to Human Settlements Department Director-General Alec Moemi, pictured. Image: Sisonke Mlamla / Cape Argus THE National Home Builders Registration Council (NHBRC) has referred more than 150 employees for lifestyle audits. This decision comes on the heels of increased scrutiny regarding the council's operations, particularly following the catastrophic building collapse in George earlier this year. During a briefing to the Human Settlements Portfolio Committee, Department Director-General Alec Moemi disclosed that the lifestyle audits were initiated in response to a directive from former minister Mmamoloko Kubayi, as part of broader measures targeting entities under the department's purview. 'Initially, we focused on three of the six entities, and the others have since been asked to begin their audits,' Moemi said. 'Unlike in the public sector, where executives must declare their income and assets annually, employees in entities like the NHBRC are required to complete these forms only once,' he said. In a first round of checks concerning 82 executives and management personnel, only two employees were flagged for further investigation, while the remaining 80 were cleared. The next phase involved 216 inspectors, supply chain, and finance personnel, from which 152 were referred for further scrutiny. These 152 employees will undergo interviews where they must clarify discrepancies regarding flagged unexplained matters disclosed during the audit. Concerns regarding the lifestyle audit process have also arisen from trade unions, who complained about not being consulted and raised questions regarding data privacy and the adherence to protocols set by the Information Regulator. Deputy Minister Thandi Mahambehlala acknowledged this oversight. 'Our goal is to establish a seamless process in such a litigious environment,' Mahambehlala said. While details regarding the cost of the lifestyle audit and the identities of the involved service providers remain undisclosed, Moemi clarified that accountability measures are in place. 'If selection was mishandled, there will be consequences,' he said. Cape Times
