Notice of Security Compromise in Terms of POPIA

Dear Valued Stakeholder,

The MICT SETA hereby gives notice, in terms of section 22 of the Protection of Personal Information Act, 2013 (“POPIA”), of a security compromise involving personal information processed on behalf of the MICT SETA by a contracted service provider, Praxis Computing (Pty) Ltd.

The affected stakeholders are learners who participated in MICT SETA skills development programmes during the period 2019 to 2022 and whose personal information was processed in connection with the administration and implementation of such programmes.

1. BACKGROUND

The MICT SETA had previously appointed Praxis Computing (Pty) Ltd as a service provider in terms of a Service Level Agreement (“SLA”) for purposes of executing certain contractual services and deliverables on behalf of the MICT SETA. In the course of rendering such services, the service provider was provided with access to and possession of certain learner and stakeholder records and personal information required for the execution of the contracted services.

The SLA expressly required the service provider, upon termination or expiry of the agreement, to:

  • return all MICT SETA information and records in its
  • securely hand over data in accordance with the MICT SETA’s instructions and applicable legal requirements.

The MICT SETA has, however, identified that the service provider has failed to return certain data and information belonging to the MICT SETA following termination of the contract, despite formal demands and legal proceedings undertaken by the MICT SETA.

2. NATURE OF THE SECURITY COMPROMISE

As a result of the service provider’s failure to return and relinquish control over the information as contractually required, the MICT SETA has reasonable grounds to believe that there exists a compromise of the integrity and lawful control of personal information processed on behalf of the MICT SETA.

At this stage, the MICT SETA has not established evidence that the information has been unlawfully disclosed or accessed by unauthorised third parties. However, the MICT SETA considers the continued unauthorised retention and withholding of the information by the service provider to constitute a security compromise and loss of lawful control over the personal information concerned.

 3. CATEGORIES OF INFORMATION POTENTIALLY AFFECTED

 The information potentially affected may include:

  • names and surnames;
  • identity/passport numbers;
  • contact details;
  • employment and learner-related records;
  • programme participation records; and
  • other personal information processed in connection with the contracted

 The precise categories of information affected remain subject to ongoing investigation and verification.

 4. MEASURES TAKEN BY THE MICT SETA

 Upon becoming aware of the matter, the MICT SETA immediately initiated measures to:

  • formally demand the return and/or deletion of all information held by the service provider;
  • assess the extent and scope of the compromise;
  • engage legal and compliance processes;
  • institute legal proceedings for recovery;
  • consider regulatory and legal remedies available to the MICT SETA;
  • mitigate any further potential risks associated with the information; and
  • strengthen oversight and monitoring controls relating to third-party information

The matter is currently under investigation, and further remedial actions may be implemented, as necessary.

5. RECOMMENDED PRECAUTIONARY MEASURES

Although there is currently no confirmed evidence of unlawful external disclosure or misuse, affected stakeholders are encouraged to:

  • remain vigilant against suspicious communications or requests for personal information;
  • monitor any accounts or records linked to their personal information;

Should the service provider unlawfully use, disclose, retain, manipulate, or otherwise misuse the information, affected individuals may be exposed to risks including identity theft, fraud, unauthorised disclosure of confidential information, reputational harm, financial prejudice, and other infringements of their privacy rights.

6. MICT SETA CONTACT DETAILS

Any enquiries relating to this notice may be directed to: Info@mict.org.za

The MICT SETA sincerely regrets the concern and inconvenience arising from this incident and remains committed to ensuring compliance with POPIA and the protection of personal information entrusted to it.

Yours in Skills Development

MICT SETA
