#2  Who is responsible for protecting “Personal Information” and “Special Personal Information”

POPIA distinguishes “Personal Information” from “Special Personal Information”. Why is this distinction critical to protecting patient information? And, who are the roleplayers who must ensure that this information is secure?