Privacy, Power, and Accountability| Amenda Makhetha-Sebake on Privacy, Trust, and the Gap Between Law and Reality
Loading player...
Your personal data is sitting inside institutions you trust; banks, telecoms, technology companies, being processed, protected, and in some cases misused, in ways most people never see and rarely question.
Amenda has spent her career being the person responsible for what happens to it. A former litigator who found her way into data privacy before most organisations knew they needed it, she has built privacy functions from scratch across telematics, telecommunications, and financial services and today leads data privacy at one of South Africa's most significant financial institutions.
In this conversation, she is candid about where most South African organisations really are on POPIA compliance and it is not where they say they are. She talks about the difference between cybersecurity and data protection that even senior professionals confuse, what privacy by design actually looks like inside a data engineering team, and why the growing economy of buying and selling personal data is something the regulator is struggling to contain.
She also asks the question that sits underneath all of it: in an age of generative AI, where your information is already out there in ways you cannot reverse, is privacy still something any of us can genuinely control? Or has it become, as she puts it, a facade?
This is not a compliance conversation. It is a conversation about power, who holds your information, who benefits from it, and who is actually accountable when something goes wrong.
Amenda has spent her career being the person responsible for what happens to it. A former litigator who found her way into data privacy before most organisations knew they needed it, she has built privacy functions from scratch across telematics, telecommunications, and financial services and today leads data privacy at one of South Africa's most significant financial institutions.
In this conversation, she is candid about where most South African organisations really are on POPIA compliance and it is not where they say they are. She talks about the difference between cybersecurity and data protection that even senior professionals confuse, what privacy by design actually looks like inside a data engineering team, and why the growing economy of buying and selling personal data is something the regulator is struggling to contain.
She also asks the question that sits underneath all of it: in an age of generative AI, where your information is already out there in ways you cannot reverse, is privacy still something any of us can genuinely control? Or has it become, as she puts it, a facade?
This is not a compliance conversation. It is a conversation about power, who holds your information, who benefits from it, and who is actually accountable when something goes wrong.
Chapters
- 00:00 Introduction and Guest Background
- 01:53 Learning Privacy Across Telematics, Telco and Banking
- 05:08 Privacy as a Trust Asset and Incident Management
- 09:24 Reporting Obligations and Operational Disruption
- 11:18 From Litigation to Privacy: Career Journey
- 15:40 How POPIA Grew Into a Career-Defining Field
- 18:31 What Building a Privacy Function from Scratch Really Means
- 22:36 Mapping Legislation, Risk, and Your Privacy Army
- 24:39 Changing Developer Mindsets and Privacy by Design
- 28:42 Data Minimisation, Encryption, and Legacy Systems
- 31:14 What Actually Changed When POPIA Came Into Effect
- 35:15 Honest Assessment of South African POPIA Compliance Today
- 38:31 Cybersecurity vs Data Privacy: What Goes Wrong
- 42:15 How DPOs and Cybersecurity Teams Should Work Together
- 44:09 Algorithmic Bias and Ethical AI in Banking
- 47:45 Making the Investment Case for Privacy to Executives
- 50:17 Data Selling Practices and Where They Sit with POPIA
- 54:05 Shadow AI Risk and Banking Controls
- 59:17 AI Literacy vs Data Literacy: Are They the Same?
- 01:03:54 What Excites and What Keeps Her Up at Night
