POTRAZ to investigate alleged third-party access to personal data

The Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) says it will investigate alleged violations of the Cyber and Data Protection Act following an enquiry by MISA on alleged third-party access to personal data in breach of the Act.

In response to the letter of enquiry by MISA Zimbabwe National Director, Tabani Moyo, on 11 April 2023, POTRAZ Director General. Dr Gift Machengete, said:

“In accordance with section 6 (1) (g) of the Cyber and Data Protection Act (Chapter 12:07) (hereinafter referred to as ‘the Act’), the Authority hereby acknowledge the receipt of your complaint on alleged violations of the Act and shall be opening an investigation in terms of section 6 (1) (f) and (h) of the Act. 

“We take this opportunity to assure MISA Zimbabwe in particular, and the public in general, that the Data Protection Authority (DPA) is on a trajectory to promote and enforce better protection of personal information in line with the mandate encapsulated under the Act.”

Moyo wrote the letter to POTRAZ after mobile phone users received messages soliciting votes ahead of the 2023 elections.

He asked how third parties accessed citizens’ personal data, including phone numbers, saying the messages were personalised and based on constituency segmentation as per the voters’ roll, and possibly in breach of the Act, which governs the use of personal biometric data.

In response to the letter from POTRAZ dated 9 May 2023, Moyo said:

“MISA is encouraged and gratified by the authority’s assurances in this regard, as it goes a long way in keeping the people of Zimbabwe’s personal information safeguarded and protected from being accessed by third parties without consent.”

“We, therefore, wish the Authority firmness and assertiveness as it proceeds with the investigations to their logical conclusion.”