Coding matters: POPIA and PAIA for your car

Image of a car on a road with a wireless signal above it.

Here’s a quick recap on those abbreviations:

  • POPIA: Protection of Personal Information Act. That’s the law that protects your right to privacy – like GDPR in Europe.
  • PAIA: Public Access to Information Act. This law aims to create transparency and accountability in public and private bodies.

Yet another data breach

Recently I chatted to Charles about how data breaches are now almost mundane news items. The next day I got an email from that the JD Group data breach exposed my details.

If you don’t know: is a site that will notify you if your email or phone is in a data breach.

The breach exposed customer records with names, addresses, phone numbers and ID numbers. Incredible Connection is part of the JD Group, and I registered a warranty there years ago. There’s not much I can do about that data. (That doesn’t mean you should ignore breaches. Remember to use secure passwords and change them if they are part of exposed data.)

Car makers are not immune

Car manufacturers have their share of data breaches. According to a 2020 Forbes article, most of them have been hacked.

You might think most of the data breaches are about customer data. I did. That’s what we read in the news, but it may not be true. The Forbes article is about the top 25 auto cybersecurity hacks, and none of them relate to customer data.

Car problems or computer problems

Modern cars have lots of computers – a hundred or more, depending on the car. These computers manage features ranging from safety and performance, to convenience and entertainment.

This means that your car can have as many computer problems as it can mechanical problems. (That’s exactly the problem I had recently with our car.) And where there is software, there is also data.

In movies, the detective or criminal uses a car’s GPS history to track where a person has been. (Something to think about if you are planning clandestine trips.) But it turns out that there is a lot more data.

Your car, whose data?

Newer cars have telematics systems. These systems wirelessly transmit diagnostic data about the car to the manufacturer. In Massachusetts, USA, this led to huge controversy around a right-to-repair law. The 2020 law is now due for implementation.

According to this law, new car dealers must tell buyers what data the system collects. Sounds like POPIA. Owners and independent auto repair shops must also have a way to access that data. Sounds like PAIA. When I had to have the car repaired, I quite liked that idea. Repair is a lot cheaper than replacement.

Car manufacturers are fighting this law. Of course, they lose an advantage in the repair business. But their main argument is the increased risk of cyber attacks and remote tampering. Supporters of the law have been critical of this argument. But after reading the Forbes article, I’m not as confident. These are scary stories about things like remotely opening and starting a vehicle.

There will always be conflict between the right to privacy and the right to information. I just never considered it in the context of my next drive to a shopping mall.

I’d love to hear your opinion.

Leave a Comment

Your email address will not be published. Required fields are marked *

Thank You

We're Excited!

Thank you for completing the form. We're excited that you have chosen to contact us about training. We will process the information as soon as we can, and we will do our best to contact you within 1 working day. (Please note that our offices are closed over weekends and public holidays.)

Don't Worry

Our privacy policy ensures your data is safe: Incus Data does not sell or otherwise distribute email addresses. We will not divulge your personal information to anyone unless specifically authorised by you.

If you need any further information, please contact us on tel: (27) 12-666-2020 or email

How can we help you?

Let us contact you about your training requirements. Just fill in a few details, and we’ll get right back to you.