President Cyril Ramaphosa has appointed Alison Tilley as a part-time member of the Information Regulator, effective 1 December.
This follows the vacancy created by the resignation of professor Tana Pistorius as a part-time member of the regulator.
According to a statement, the National Assembly’s Portfolio Committee on Justice and Correctional Services embarked on a process of filling the vacancy after Pistorius stepped down.
Following the committee’s recommendation for Tilley to fill the vacancy, on 3 November, the National Assembly unanimously approved her recommendation for appointment.
The president appoints members of the Information Regulator on the recommendation of the National Assembly. The regulator consists of a chairperson and four other members – two members who serve in a full-time capacity and two members who may serve in a full-time or part-time capacity.
The statement notes Cape Town-based attorney Tilley brings a wealth of experience to the position.
She is a renowned human rights lawyer and policy specialist in protection of personal information, transparency and freedom of expression issues. She holds a BA (Law) and an LLB degree from the University of Cape Town and was admitted as an attorney of the High Court of South Africa in 1993.
Tilley was instrumental as part of the South African Law Reform Commission’s Project Committee on Privacy and Data Protection, which developed the Protection of Personal Information Bill.
She also served as director and head of advocacy and special projects at the Open Democracy Advice Centre, a specialist NGO working on access to information and whistleblowing advocacy.
“Ms Tilley’s appointment significantly strengthens the expertise and capacity of the Information Regulator,” says the Presidency in a statement.
The office of the Information Regulator is an independent body established in terms of the Protection of Personal Information Act (POPIA), with the Act having been signed into law in November 2013.
The purpose of POPIA is to ensure all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity's personal information by holding them accountable should they abuse or compromise personal information in any way.
Businesses that don't comply with the POPI Act, regardless of whether it’s intentional or accidental, can face severe penalties. The Act makes provision for fines of up to R10 million and a jail sentence of up to 10 years, depending on the seriousness of the breach.
Complaints can also be lodged with the regulator by persons regarding any interference with the protection of their personal information.
In June, it was announced that more sections of the Act will come into force from 1 July 2020, except for sections 110 and 114 (4), which shall commence on 30 June 2021. However, the sections that are enforced are suspended, or a grace period is given, for 12 months, allowing everyone to get their house in order.
Share