Is there a need to appoint Deputy Information Officers? It is not sufficient to just appoint someone to the mandatory role of Information Officer in an organisation and believe one now complies.
The acid test here would be if a review of the POPI compliance setup is done by the Regulator. Would the duties of the Information Officer be considered too onerous for one person to handle?
More often than not this is related to how big the company is. Do the separate divisions within the company warrant having deputy information officers appointed?
The topic of compliance structures will be dealt with in a future article. It will look at a compliance model called “Three Lines of Assurance”. This will introduce what is called a governance controller, someone who operates within these three lines. Where the Information Officer and deputies fit into this structure will be covered here.
Registration of the Information Officer
There are numerous instances in the Act where a company may need to deal with the Information Regulator. This is one of them – where one is required to register the Information Officer.
This needs to happen before the person commences his or her duties. This means the registration must happen during the transitional period or prior to the handover, where the person who was appointed is not continuing in this role for whatever reason.
So this implies someone has to be responsible for making sure the registration happens and that any changes in the future are followed up with the regulator.