Johannesburg, 25 August 2025 – In an increasingly digitised world, the safety and privacy of South Africa’s children are under threat—not from the internet at large, but from the very systems meant to support their education.
While the Protection of Personal Information Act (POPIA) is designed to safeguard personal data, it appears that learners’ sensitive information—ranging from ID numbers and contact details to school finances and parental bank statements—is being stored and transferred using outdated, insecure systems. Experts and educators alike are now asking: Who is truly accountable?
At the centre of the discussion is SA-SAMS, a school administration system introduced in 2004 and currently mandated by the Department of Basic Education (DBE). While it has played a key role in standardising school data reporting nationally, it was built on older technology and does not include more recent cybersecurity measures such as encryption or multi-factor authentication. In many cases, data is still transferred manually using USB drives, which raises questions about how best to ensure the security and integrity of sensitive information in today’s digital environment.
Many schools have implemented cloud-based third-party systems that offer streamlined reporting and improved administrative efficiency. However, to meet compliance requirements set by the Department of Basic Education (DBE), these schools also continue to use SA-SAMS. This dual-system approach can result in increased administrative tasks and the need to manage sensitive data across multiple platforms. There is an opportunity for schools, the private sector and the DBE to work together in exploring ways to improve system interoperability, reduce duplication, and strengthen data security—ensuring that administrative processes support both compliance and innovation
“It is absolutely critical to protect people’s data, and one would naturally think that the best possible system would be used to protect the personal information of parents, teachers, and learners. But the current version of SA-SAMS is not that system,” says Riaan van der Bergh from Fedsas, the Federation of Governing Bodies of South African Schools.
The Department is currently working with the National Education Collaboration Trust (NECT) to redevelop SA-SAMS using UNESCO’s OpenEMIS platform—technology that has never been tested in South African schools. Local edtech providers with secure, scalable systems were not consulted, and no open tender process was followed. The redevelopment is expected to cost hundreds of millions of rands, all while budget constraints have already led to teaching posts being cut.
Educators have raised urgent concerns:
- A KwaZulu-Natal principal reported having to transport data manually via USB drives.
- A Gauteng administrator described the instability caused by backend changes, patches, and lack of support.
- A Free State principal has been threatened with disciplinary action for refusing to abandon a third-party system that works.
These stories—collected under anonymity due to fears of professional reprisal—paint a picture of an education system unwilling to embrace secure innovation.
“The Department refers to SA-SAMS as a free solution, but in reality, it’s taxpayer-funded and extremely costly to maintain. Schools use third-party systems because they have a choice and decide on the best option for their needs. Why should we settle for less when our children’s data is at stake?” said Van der Bergh.
The Call to Action: Interoperability and Private Sector Inclusion
Education stakeholders are calling on the DBE to adopt a more inclusive, transparent approach by allowing interoperability between systems and inviting public/private partnerships to ensure safer, more effective school management.
In a country where over 12 million learners have their data funnelled through a vulnerable, outdated system, the question looms: Has the POPIA regulator investigated this? If not, why not?
The real cost isn’t only financial. It’s the erosion of trust and the risk to South Africa’s most vulnerable citizens: its children.
