CHILD WELFARE TSHWANE DATA BREACH

Section 22 of the Protection of Personal Information Act, 4 of 2013 Data Breach Notification:

Please be advised that Child Welfare Tshwane takes the issue of personal information and protection thereof very seriously. Every possible precaution is taken to protect personal data and we actively work to avoid any data protection breaches that could compromise our data security.

Unfortunately, we hereby notify you in accordance with section 22 (1) (a) of the Protection of Personal Information Act, 4 of 2013 (POPI) and all other applicable data protection laws and regulations, that Child Welfare Tshwane has fallen victim to two incidents of armed robbery. During these incidents company devices were stolen that contained personal information.

Nature of data breach:

On 1 August 2024 at approximately 14:00, a computer and a cellphone was stolen at the premises of 72 Oakes Street, Groenkloof, Pretoria, 0081. We can confirm that the stolen devices were password protected. It is however necessary to mention that these devices contained our entire data basis that included information concerning adopting clients and reports.

As soon as we became aware of the stolen items, the drop box containing the aforementioned information was disconnected to ensure that personal information could not be accessed. This matter was also reported to the SAPS and a case number was issued as the following:42/082024.

On 5 August 2024 at 10:00, 8 password protected computers were stolen at the premises of 752 Komane Street, Atteridgeville, Pretoria. We can confirm that the stolen devices were password protected. It is however necessary to mention that these devices contained our entire data basis that included information concerning statutory reports, as well as information regarding active and previous court cases.

As soon as we became aware of the stolen items, the drop box containing the aforementioned information was disconnected to ensure that personal information could not be accessed. This matter was also reported to the SAPS and a case number was issued as the following: 155/082024

We conducted an internal investigation and came to the conclusion that the possible consequences of the information breaches are:

  • Unauthorized persons may have had access to individuals’ or entities’ personal information if they were able to breach or bypass the passwords and;
  • Unauthorized deletion of clients’, employees’ and stakeholders’ personal information from the dropbox if they were able to breach or bypass the passwords.

 Measures taken to prevent similar data breach:

As part of this data security incident and bearing in mind the type of information or data relating to the incident, we have carried out a full investigation. We are of the opinion that further unauthorized access to the information is highly unlikely, as the laptops were all password protected, however in future we will take better precaution to ensure that the information is always password protected and the device containing the information is stored safely as far as reasonable possible. We will further ensure to lock all offices when we consult with prospective clients in the boardroom.  

To mitigate the risk that such data compromise could pose, we conducted a full risk assessment to further strengthen the appropriate processes and organisational measures in place to prevent unlawful access to information held by us. We also reported the incidents to SAPS for further investigation.

In the meantime, our company will continue its investigation into this matter and take all steps available to maintain confidentiality, prevent loss, unauthorised access and damage to information by unauthorised parties.

We take the protection of personal information seriously and want to reaffirm our commitment to the processing of your personal information in accordance with the provisions of the POPI Act.

  • Appoint security at the gate of our Groenkloof premises;
  • Requested assistance from neighborhood patrol at Atteridgeville premises;
  • Lock offices while consulting with clients;
  • Client information will be stored on a backup that will be password protected with limited access  (cloud).

Please contact our Information Officer should you require any further information pertaining to the breach.

Information Officer:

Name: Nina De Caires

Contact number: 0828249244

Email Address: nina@childwelfare.co.za