As South Africa commemorates the 30th anniversary of the Constitution (21 March), we are celebrating a document that was designed to protect the inherent dignity of every citizen.
In 1996, the threats to that dignity were largely physical. Today, however, our lives are lived in large parts through screens, and the “private spaces” section 14 of the Constitution seeks to protect are no longer just our homes – they expand to our digital assets, our inboxes, and digital identities.
The theme for Human Rights Month 2026, “Bill of Rights at 30: Making Human Dignity Real,” presents quite a challenge to the corporate world. In a modern democracy, human dignity is, arguably, inextricably linked to digital safety.
When an organisation fails to protect the personal information of its employees or customers, it is a failure to uphold a foundational promise – one that bears a striking resemblance to those penned on many constitutions the world over.
Section 14 and the evolution of privacy
Section 14 of the South African Constitution is clear that everyone has the right to privacy. While this traditionally protected citizens from unlawful searches of their property, the digital age has fundamentally expanded the definition of what is “private”.
“Privacy is the bedrock of dignity,” asserts Anna Collard, senior vice-president of content strategy and CISO advisor at KnowBe4 Africa. “If you don’t have control over your personal data, you lose some of the autonomy you have over your own life.
“When that data is leaked – whether through a corporate breach or a sophisticated scam victims are left vulnerable to financial ruin, emotional distress, and even physical risk. In that sense, the right to privacy – and data privacy even – is actually a basic human right.”
This perspective moves cybersecurity out of the server room and into the realm of social justice. If organisations are the custodians of South Africans’ data, they are, by extension, the custodians of part of their constitutional rights.
The ripple effect of empowerment
One of the most powerful ways to “make human dignity real” is through empowerment. Cybersecurity has long been viewed as a series of restrictions – blocking websites, enforcing complex passwords, and monitoring activity.
But true security in a free society should be about empowerment.
“We need to stop thinking of security awareness as a corporate compliance task and start seeing it as a vital life skill,” says Collard. “When an organisation trains its employees to spot a social engineering attack, that knowledge doesn’t stay at the office. There is a profound ripple effect.”
An employee who learns how to defend themselves at work becomes a more resilient digital citizen. They take that knowledge home to protect their elderly parents from pension fraud or to teach their children how to navigate an increasingly predatory online world.
By investing in human defence, organisations are contributing to the digital literacy and safety of the broader South African community.
“Exclusion from digital safety is a form of inequality,” Collard notes. “When people lack the knowledge to protect themselves, they are more easily exploited financially, emotionally and politically.”
Moving beyond compliance
The Protection of Personal Information Act (POPIA) was enacted to give teeth to Section 14, and compliance is often what drives boardrooms to act.
However, a rights-based approach to security suggests a higher standard, moving from compliance (doing it because you have to) to stewardship (doing it because you care).
“Good security shouldn’t be about avoiding a fine,” Collard argues. “It should be about respecting the individual. We teach people to lock and bolt their doors because we value their safety. We must apply that same logic to the digital world.
“Turning on multi-factor authentication or pausing before clicking a suspicious link are the digital equivalents of checking the gate is locked. They are simple acts that preserve the sanctity of our private lives.”
Anonymity versus accountability
Rather than being associated with hiding, Collard maintains that privacy is about dignity and agency.
“There is obviously a balance between anonymity and accountability,” she concedes. “In certain cases, like criminal or harassment incidents, in child abuse or other undesirable behaviour, the right to privacy needs to take second place to the rule of law.”
She believes absolute anonymity can lead to deplorable behaviour. “So, I would say yes to privacy and data protection, but no to absolute anonymity,” she emphasises.
“As we reflect on 30 years of constitutional democracy, we must recognise that the struggle for dignity has entered a new phase. In 2026, being a responsible organisation means more than just turning a profit – it means ensuring that every employee and customer can participate in the digital economy without fearing for their identity.”