More responsibilities for Info Regulator as POPIA beckons

Read time 3min 10sec

With the much-anticipated Protection of Personal Information Act (POPIA) set to become effective tomorrow, the Information Regulator, which is the custodian of the data privacy law, now has new responsibilities.

As of 30 June 2021, the Information Regulator will take over the regulatory mandate functions relating to the Promotion of Access to Information Act (PAIA) 2000.

This follows a proclamation, by the president, of sections 110 and 114(4) of the Protection of Personal Information Act 2013, which provide for amendment of PAIA and the effective transfer of certain functions currently performed by the South African Human Rights Commission to the Information Regulator on 30 June 2021.

While POPIA will kick off tomorrow, the Information Regulator, which is headed by advocate Pansy Tlakula, last week extended the commencement date of the Act’s provision that requires organisations to obtain prior authorisation if they process certain categories of personal information.

The commencement date of that provision is now 1 February 2022.

In a statement, the Information Regulator says some key objectives of PAIA are to promote transparency, accountability and effective governance of all public and private bodies, as well as to assist members of the public to effectively scrutinise and participate in decision-making by public bodies.

PAIA ensures the state promotes a human rights culture and social justice. It also encourages openness and is there to establish mechanisms or procedures which give effect to the right of access to information in a speedy, inexpensive and easy manner.

The PAIA Amendment Act, which amended the PAIA, came into operation on 1 April 2021.

In terms of the PAIA Amendment Act, the information on the private funding of political parties and independent candidates must be recorded, preserved and made available upon request by the public, and the head of the political party is the Information Officer, who must be registered with the Information Regulator in terms of section 55(2) of POPIA.

In relation to PAIA manuals, the Information Regulator says the scope of information that the manual must cover has been widened to include matters relating to the processing of personal information in terms of POPIA.

“Up to now, an exemption has allowed smaller private bodies to be exempt from developing a manual. The current exemption expires on 30 June 2021, and the minister of justice and correctional services, Ronald Lamola, has extended the current exemption by a further six months effective from 1 July 2021 to 31 December 2021, to afford private bodies that are currently exempted adequate time to compile their PAIA manual,” the regulator says.

Although the notice has not been gazetted yet, a signed copy of the notice may be accessed from the regulator’s Web site.

According to the regulator, as this is a final exemption in terms of section 51(4) of PAIA, effective from 1 January 2022, all public and private bodies (including those that are currently exempted) must have their PAIA manual available at their principal place of business or on their Web site, if any, and from 30 June 2021, public and private bodies do not have to submit their PAIA manual to the regulator.

“In terms of section 51(1) of PAIA, as amended, all previously developed PAIA manuals of both public and private bodies must be updated to include provisions relating to the processing of personal information in terms of POPIA.

“In order to simplify the compilation process of PAIA manuals in terms of section 14 and 51 of PAIA, the regulator will publish PAIA manual templates shortly as a guide.”

See also