Under-pressure Info Regulator sets up Enforcement Committee
Faced with an increased number of complaints over the unlawful processing of personal information, South Africa’s Information Regulator today announced the establishment of an Enforcement Committee.
In a statement, the Information Regulator says the Enforcement Committee is established in terms of section 50 of the Protection of Personal Information Act No 4 of 2013 (POPIA).
It will be chaired by advocate Helen Fourie SC, and Simonè Magardie will serve as the alternative chairperson.
Fourie is a member of the Pretoria Society of Advocates and has served as an acting judge in the North Gauteng High Court.
The regulator says her senior counsel status was conferred by the president of South Africa in 2018.
It adds the focus of Fourie’s practice is providing advice and conducting litigation in matters concerning various aspects of insolvency law, corporate law, contractual disputes, National Credit Act, wills and estates, and trusts, interdicts and evictions.
Magardie is an attorney and holds a Master of Laws degree in Corporate and Commercial Law and was admitted as an attorney of the High Court of South Africa on 12 April 2001.
She currently serves on the panel of the Law Society of the Northern Provinces, and previously served on the panel of the Independent Communications Authority of South Africa and the South African Bureau of Standards.
The appointment of the committee comes as the Information Regulator has been under pressure from the public about its slow responsiveness to deal with data privacy complaints.
The Information Regulator previously told ITWeb that the office has been inundated with complaints and various POPIA-related compliance applications since its enforcement powers came into effect on 1 July 2021.
It said some complaints, depending on their nature, will invariably take longer to resolve; however, this is not the case in all matters that come before the regulator.
Headed by advocate Pansy Tlakula, the Information Regulator is, among other duties, empowered to monitor and enforce compliance by public and private bodies with the provisions of SA’s data privacy law, POPIA.
As of 30 June 2021, the Information Regulator took over the regulatory mandate functions relating to the Promotion of Access to Information Act (PAIA) from the South African Human Rights Commission.
The new Enforcement Committee comprises 14 independent experts drawn from a wide array of professional backgrounds, such as law, information security, education, finance accounting, auditing, actuarial science, forensics and criminal investigations.
Section 93 of POPIA provides that the Enforcement Committee must consider all matters referred to it by the regulator regarding a complaint, an investigation of a complaint, a finding in respect of the complaint, and as referred to in section 92 of POPIA, other matters or a recommendation in respect of the proposed action to be taken by the regulator.
The information watchdog explains the matters to be referred to the Enforcement Committee also include any regarding a complaint in terms of the PAIA. It notes the Enforcement Committee is required to make findings in respect of matters referred to it.
POPIA further provides that the Enforcement Committee may make any recommendation to the regulator necessary, or incidental to any action that should be taken against a responsible party in terms of POPIA or an information officer or head of a private body in terms PAIA, it adds.
“The inauguration of the Enforcement Committee is a historic moment for the regulator,” says Tlakula.
“For the first time since its establishment in 2016, the regulator will be able to enforce its powers and provide an effective remedy to the complainants whose right to privacy and the right of access to information have been infringed.”
The watchdog adds in its statement: “The establishment of the Enforcement Committee is a shot in the arm to the regulator's efforts aimed at confronting the increasing volume of complaints by the public regarding the processing of their personal information by responsible parties, or the denial of access to information by public or private bodies.”
According to the regulator, in the 12 months since the enforcement powers of the regulator came into force, 150 access to information complaints and 544 protection of personal information complaints have been submitted to it.
“The Enforcement Committee will play a critical role in resolving some of these cases if they are not resolved at the earlier phases of the case management processes, such as the pre-investigation, investigation and mediation phases.”