top of page

BusinessDay: There are no good guys with our data among tech providers

The perception that there is no cost to agreeing to let others use our personal data is the hoodwink of the century.

By Johan Steyn, 2 August 2022

We live in a time when our service providers and governments can harvest more data on us than we ever thought possible. Many of these entities know where we go, who we associate with, our spending patterns and perhaps even our deepest secrets.

All too willingly we freely agree that others use our personal data. We believe that they can offer us better products and services. The perception that there is no cost is the hoodwink of the century. We pay a dear price indeed. There is no free lunch and in reality no free online access. We gladly, and mostly unknowingly, give these providers what they want: our data. It is like us leaving our doors and curtains open all day, knowing there is a stalker with malicious intent watching our every move from the house across the street.

The internet has resulted in an Orwellian surveillance society. The convenience of technology has imprisoned us in a deceptively smart-looking prison. We naively believe that our technology providers are the good guys and that we therefore can trust them with our data.

Unfortunately, there are no good guys and our data is not protected. In SA we do have the much celebrated Protection of Personal Information Act (POPIA). It is like the laws that govern our roads: stay within the speed limit and stop at red lights. It is there to protect us but no one really cares and there is rarely a substantial consequence for ignoring the rules.

The deadline for POPIA compliance was July 1 2021. Created to safeguard citizens from harm by protecting their personal information, the act aims to guarantee our privacy, which is a fundamental human right. Setting conditions for when it is lawful for someone to process someone else’s personal information, the law guards against identity theft and monetary loss.

The importance of protecting our data is evident in the penalties for noncompliance. Business leaders could face a fine of up to R10m or even imprisonment for up to 10 years. They are also liable to pay compensation for the damage suffered by those whose data was compromised.

The other consequence of personal data loss is reputational damage. Consumers are naturally concerned when the organisations we have entrusted with our data prove to be unworthy of that trust. Data breaches are often front-page stories, but in the ever-on news cycle, these crimes against our human rights are too quickly forgotten.

In recent times we have seen shockingly consequential breaches by organisations such as Transnet, the department of justice, Absa, Dis-Chem and Virgin Active. Even the custodians of our financial information — consumer credit bureaus TransUnion and Experian — have not been spared.

In a recent document, the “Cost of a Data Breach Report,” IBM disclosed that the average cost of significant data breaches had reached a record high of more than R49m, an increase of almost 20% over the last two years. The Information Regulator reported receiving more than 300 complaints against companies since the inception of POPIA.

Things are clearly out of hand. Have you seen guilty company directors forking out millions to consumers? Have you seen them handcuffed and marched off to prison? I have not. POPIA, as well-intended as it is, is a bulldog with no teeth.

• Prof Steyn is on the faculty at Woxsen University, a research fellow with Stellenbosch University and the founder of


bottom of page