Establishing the Information Regulator is one of the conditions set out in the Protection of Personal Information (POPI) Act. The Information Regulator functions in accordance with the POPI Act and the Promotion of Access to Information Act.
The Act stipulates the regulatory body has to exercise certain powers, and perform certain duties and functions. Ultimately, the regulator must monitor and enforce compliance of public and private bodies in terms of the Act.
POPI gives the regulator teeth, as data subjects will be able to complain to the jurisdiction body and it will be able to take action on their behalf, says law firm Michalsons.
Speaking to ITWeb, Tlakula said although there are no expectations to have the Information Regulator operational by year-end, the stakes are still high."We are trying to be ambitious and put a one year deadline for ourselves. So, if we succeed, bearing in mind we are operating within government bureaucracy which tends to move very slowly at times, we will be fully established by the end of the year."
The people who drafted the Act told us they don't see us being ready to function in less than two years, she noted.
The POPI Act was signed into law by president Jacob Zuma on 19 November 2013 and published in the Government Gazette on 26 November 2013.
Last September, the National Assembly recommended the appointment of five candidates for the office of the Information Regulator, and in October, the president announced the appointment of all five members, with Tlakula at the helm.
Other members include Lebogang Stroom-Nzama and Johannes Collen Weapond as full-time members, and professor Tana Pistorius and Sizwe Snail ka Mtuze as part-time members.
The five-member team, whose work commenced on 1 December, has already hit the ground running and has established committees for the organisation, drafted an organisational structure that needs to be approved by the finance minister, and is in the process of finalising draft regulations, according to Tlakula.
Although the team has a mammoth task ahead, she said it is important to first demystify public perception that the regulator will only deal with POPI.
The mandate of the Information Regulator is to focus on two important aspects and POPI is only one of those aspects, she stated.
"The second aspect is that we have taken over the enforcement and compliance of the promotion of access to information. That legislation was administered by the South African Human Rights Commission; the Information Regulator will look after that. I think it was correct for the law-makers to do that so that all aspects of information are regulated by one body."
The appointment of members of the Information Regulator is one of many conditions set out in the Act before the authority body is able to enforce compliance.
According to Tlakula, a lot of work and thinking still needs to be done. "We have to think through what we want to achieve, what kind of organisation we want to establish because we have to lay a solid foundation for the organisation.
"The Act stipulates that private and public bodies will have a year within which to comply after the promulgation of remaining chapters in the Act have come into operation.
"What has to happen is that we have to establish the organisation, come up with a structure (remember we are starting from scratch), ensure that we employ people, etc, and then we can go to the president and say we are now ready to function. Only once that has happened, can we then start with our compliance."
Tlakula pointed out that the Information Regulator must enshrine what is in the Constitution. Our Constitution provides for the right to privacy and the right to information, she noted.
"It is important to establish a body that will give effect to those rights where information is concerned. It is also important for us to be in line with other democracies around the globe, especially the developed ones."
The chairperson is of the view an industry body, whose mandate is securing the rights of personal information, must have good balance between protection of privacy and the promotion of access to information.
"For me, the starting point should be that as a democracy we should promote free flow of information, openness and transparency.
"There is a need to ensure that threats such as terrorism and cyber attacks don't unreasonably restrict the free flow of information. What tends to happen is that countries that experience extremism − governments usually react to that by limiting the free flow of information by shutting down social media − all in the name of protecting national security. The Information Regulator plays a very important role in being able to regulate all those sensitive areas."
Although establishing a regulator, which will hold private and public bodies accountable with regards to conditions set out in POPI, bodes well for SA − the process will not be without its challenges.
The main challenge will be ensuring all South Africans understand the Act and what it's trying to achieve, explained Tlakula.
"Public awareness and education are going to be important. Also, the commitment of private and public bodies to put systems in place for them to comply with the requirements of the Act, I think that is going to be a challenge.
"The Act is going to affect everybody, small or big business, whoever has private information of citizens, and the manner in which they will have to deal with that information is very important. It is going to be an exercise that will affect everybody and to put systems in place − especially for the big companies to ensure they are compliant − is going to be quite costly."
She concluded by saying the Information Regulator may need to rope in institutions of higher learning to see if they can train people who will become information regulation experts.
Our comments policy does not allow anonymous postings. Read the policy here