Meta (owners of Facebook, Instagram and WhatsApp) have been fined 1.3 billion USD for their latest data privacy violation bringing their total fines to approx. 2bn USD in less than a year. They have been ordered to cease sending data from Europe to the USA.

I was alerted to this by my good friend Doug Austin in one of his recent blog posts which I recommend you to read.

It brought to me think about where we are in SA having POPIA. I am so happy that SA has Data Privacy and Protection legislation which is at least the equivalent of GDPR. At last, I am seeing people respect its existence and value. In eDiscovery I have been preaching for years that you must know where your data is being hosted. It astonishes me that I am aware of some quality SA law firms happily sanctioning their clients’ data being hosted, for example, in the USA in States that have no data protection. The flip side is that I am seeing more and more, SA law firms and corporations, asking the right questions and recognising the issue, even insisting on SA hosting, if possible or a jurisdiction which enjoys protection at least as good as GDPR.

Of course, with RelativityOne now being hosted here in SA we have the best possible scenario which a growing number of law firms and their clients are taking advantage of.

I am just not so sure that we are getting the best out of POPIA. It is there to protect individuals and entities. As I write, I am only aware of one matter concerning a Subject Access Request in SA. Of course, that does not mean that it is the only one but for sure they appear to be few and far between. Elsewhere, in the UK for instance, there are numerous (they call them DSAR’s) on an almost weekly basis. These requests have to be dealt with in a timeframe under the legislation and eDiscovery software is a renowned vehicle for complying with such.

I urge SA and South Africans to respect and utilise our DP legislation