The Information Regulator has set out guidelines on the new compulsory regulation for organizations to register Information Officers as well as the deadline by which to do so. These guidelines are set out in accordance with section 55(2) of the PAIA, which requires an organization to register its Information Officer with the Regulator.
Choosing the Information Officer is an important decision, as the Officer plays a crucial role in the protection of information and in some cases, can be held liable for breach of protection. It is compulsory for every single organisation in South Africa to have an Information Officer.
Does your company already have an information officer?
Under the PAIA, the head of each organisation is automatically assigned the position of Information Officer. While the role of the Information Officer has expanded under POPIA, the Information Officer (automatically assigned) must first register in order to assume the responsibilities. The company is also further afforded the opportunity to appoint as many deputy information officers as it so desires, in order to ensure maximum compliance with the Acts.
The responsibilities of an Information Officer
The introduction of POPIA expanded the responsibilities of an Information Officer that was provisioned in the PAIA, with both imposing strict requirements to ensure compliance. So what are they in a nutshell?
In terms of PAIA
In ensuring the organisation’s compliance with PAIA, the Information Officer is responsible for:
- Ensuring the company’s compliance with the Act;
- Developing a PAIA manual that the company will implement; and
- Regulate access to information as it is set out in the PAIA.
In terms of POPIA
Expanding on the responsibilities under PAIA, the Information Officer (and the deputy officer(s)) is responsible for:
- Encouraging compliance with the conditions of the lawful processing of personal information within the entity;
- Dealing with any and all requests that are made to the entity with regards to the Act;
- Working with the Information Regulator in relation to any investigations that are conducted in relation to the entity;
- Ensuring that the entity complies with the provisions of the Act; and
- any other responsibility as may be prescribed by the Act.
Who should be appointed as an Information Officer?
Appointing an Information Officer or deputy Information Officer requires significant consideration of the strict requirements and responsibilities that that entails. Apart from the head of the organisation, companies can opt to appoint their CIO, IT manager, information security officer, legal advisor or compliance officer to the position.
Registering with the Information Regulator
POPIA requires that the Information Officer and deputy officer is appointed and registered with the Information Regulator. The current deadline that has been given to companies to register the details of the Information Officer and the Deputy Information Officers with the Information Regulator is 1 July 2021. However, this deadline is subject to change as the department is underway with an online portal that will facilitate virtual registrations and databases. Once the individuals have been registered, they assume the responsibilities imposed by POPIA.
How can we assist?
Here at SchoemanLaw, we offer a wide range of services that will assist in ensuring your company is compliant. Our team is available to guide you through the requirements imposed by both PAIA and POPIA, as well as the drafting of your corporate governance and legal frameworks, manuals, policies and procedures. We know that the process can be daunting and with overlapping legislation, we are here to provide you with the necessary clarity and legal advice.
The new regulations and provision can be overwhelming and confusing to any business in order to stay within the guidelines of the Act. As a business, you do not have to struggle to figure it out on your own. Our firm is able and ready to assist you with this process to become compliant.
Contact an Attorney at SchoemanLaw Inc today for all of your POPIA compliant needs.