Misdirected internal emails that expose personal information can trigger mandatory data breach reporting under POPIA, even when the disclosure was accidental.