The appointment of an Information Officer is one specific governance requirement in the POPI Act that must be complied with, which has a material impact on a business.

The question is: who is the Information Officer?

The POPI Act states that the head of the Private Body is by default the Information Officer.  So that means the Managing Director or Chief Executive Officer is the Information Officer.  Obviously this role can be delegated to someone else by the MD or CEO.

In some instances the company may need to appoint more than one Information Officer within their structure because of subsidiaries that they control.  This issue is directly related to the decision about the structure of responsible parties a company has decided on.

Are there various legal entities within the company that should each be considered as a separate responsible party having their own Information Officer?  Where a company is expanding and acquires other businesses this is an issue to be considered.

These are issues the company’s legal advisor would need to assist the company’s governing body with.