Businesses must be aware of the legal requirements when a data breach takes place so that they can be swift in their response, as failure to comply is considered an offence under the Protection of Personal Information Act. The first step is to notify the Information Regulator and the Data Subject/s (should their identity be known) of the breach. The notification must be done as soon as reasonably possible after the discovery unless where, for example, there is a criminal investigation pending....

The short answer is No. Normally, if a consumer bought a product, it may not be returned for a refund unless there is an additional refund policy in place and a valid reason in terms of the Consumer Protection Act. Valid reasons in terms of the Act are: The product is defective within six months after delivery, subject to investigation and misuse, wear and tear;The product was bought after direct marketing and the consumer cancelled the agreement within five business days;The consumer did not...

In short, the answer is no. The Protection of Personal Information Act is a theory-based piece of legislation. With such legislation, and because it has only recently been promulgated, it is considered progressive. Because of this, there will be constant challenges with implementing the Act. Naturally, the Information Regulator will release regulations and guidance notes to guide the general public on practical implementation. One must first and foremost realise that becoming POPIA compliant...