As you may be aware, the South African Information Regulator took up office on the 1st December 2016. They are accountable for monitoring and enforcing compliance to the POPI Act and PAIA. So now you may be wondering what has been happening since?
Well firstly, this appointment in itself was certainly a significant milestone. The appointment put to bed those nay-sayers whose standpoint has been that the legislation would never see the light of day. To a certain extent, one can understand this viewpoint given how incredibly long it has taken to get to this point. However, I feel sorry for those larger, more complex companies that have not done anything about POPI on the back of such rhetoric.
I did the POPI project for a South African Fortune 500 company in 2007 on the basis that, firstly, the legislation is very pervasive, complex and a paradigm shift for people. The attitudes and behaviours around personal data would need to change. This is something that you cannot get right overnight. Secondly, that even if the legislation is not in force it is good business practice and is following a set of standards that are, to a large extent, recognised internationally given the considerable number of countries that have similar legislation in force already.
So to have left it so late to do something about POPI is not smart considering these points and the fact that the transitional period is a year (unless the Minister intervenes in certain instances where up to a maximum of three years may be granted).
If we have a look at what the Regulator and her team have been up to since December it is clear that they are on a mission to position themselves as a world class Information Regulator.
Their efforts to date can be summarised as follows:
- Approved logo for the Regulator and mission;
- Allocation of responsibilities regarding the access to information and the protection of information within the team making up the Regulator;
- Setting up the offices of the Regulator;
- Setting up their website;
- Setting up the various committees and governance structures;
- Setting up the administration and appointment of the CEO;
- The drafting of regulations in terms of section 112 for tabling in Parliament this year; and
- Commencing with the process of taking over PAIA from the South African Human Rights Commission.
If you wish to read up about the full extent of their efforts to date, the Information Regulator held a briefing at the Strand Towers Hotel in Cape Town on 13 February 2017. Click here to see the full report.
– Tim O’Hanlon, Director TOSMS