Privacy law inches closer
The Protection of Personal Information Act is a step closer after the Department of Justice announced it would start the ball rolling for the appointment of an Information Regulator.
The appointment of an Information Regulator was one of the main issues holding up the new legislation, which was signed into law about 18 months ago by president Jacob Zuma. The Act has stringent provisions around how consumers' data must be protected, accessed and stored.
Under the new law, companies face a fine of up to R10 million - or a decade in jail - if they breach its provisions, and could also encounter civil class-action lawsuits. However, the most damaging penalty will be reputational damage, because organisations will have to inform people if their data has been breached.
The law will fully come into effect once Zuma has announced a date, and companies will then have between one and three years to comply. It is expected to cut down on the amount of spam in inboxes as it creates an opt-in regime.
This week, deputy minister of justice John Jeffery said the department and National Treasury had reached agreement on the pay grade for the regulator, which paves the way for one to be appointed. He noted a letter would soon be sent to National Assembly speaker Baleka Mbete, asking her to initiate the process of appointing members of the regulator.
"The appointment of the members of the regulator will, in turn, facilitate the commencement of the remainder of the Act."
Mark Heyink, partner at Mark Heyink Information Attorneys, notes advertisements for senior posts within the regulator's office will be placed in the near future and the office is likely to be established before the end of this year. This, he says, will pave the way for Zuma to proclaim the commencement date of the Act as soon as the regulator is operationally able to fulfil its functions.
Heyink says the development is welcome, as SA has fallen some 30 years behind many democratic countries in controlling persons who have taken advantage of the lack of regulation in an unbridled abuse of personal information. "The failure to require statutory protection of personal information has also led to South Africa being a vulnerable and easy target for organised crime.
"We live in hope that the regulator will be a resounding success. In light of the failures of so many of our institutions, this will be wonderfully refreshing."