Promotion of Access to Information Act, 2000 regulations

1. The long-awaited Promotion of Access to Information Act, 2000 regulations (“the Regulations“) were finally gazetted by the Department of Justice and Constitutional Development on 27 August 2021 repealing those in place since 2002.

2. The Regulations are a culmination of the draft regulations that were published for public comment on 23 April 2021 and also follows other amendments to bring the Promotion of Access to Information Act, 2000 (“PAIA“) in line with the Protection of Personal Information, 2013 (“POPIA“).

The right of access to information vs. The right to privacy.

The Information Officer

3. The salient purpose of the Regulations is to align the previous PAIA regulations with POPIA given that, as per section 114(4) of POPIA, the Information Regulator has stepped into the shoes of the South African Human Rights Commission (“SAHRC“), which became effective on 30 June 2021.

4. Some of the key changes introduced by the Regulations relate to the functions and procedures of the Information Regulator. In addition, the Regulations also contain further duties of Information Officers some of which are linked to the functions of the Information Regulator. We unpack some of these in further detail below which in our view are important for Information Officers to take note of:

The Information Regulator must publish and make available a guide on how to use PAIA

4.1 This obligation arises pursuant to Regulation 2 and section 10 of PAIA which provides that the Information Regulator must update and make available the existing guide that has been compiled by the SAHRC in each of the official languages. The purpose of the guide is to assist people in using and understanding PAIA in order to enable the realisation of their right of access to information.

4.2 Regarding the contents of the guide, section 10 of PAIA mirrors the pre-amendment version of section 10 and provides that the guide must include a description of, amongst others:

4.2.1 the objects of PAIA and POPIA;

4.2.2 the manner and form of a request for access to a record as held by a public and private body in terms of section 11 and 50 of PAIA respectively;

4.2.3 the assistance available from Information Officers and the Information Regulator in terms of PAIA and POPIA;

4.2.4 all available remedies in law regarding any act or failure to act in respect of a right or duty as contained in PAIA and POPIA, including internal appeals, complaints and applications to court and

4.2.5 the provisions of 14 and 51 of PAIA which require public body and private body, respectively, to compile a manual.

4.3 However, since 30 June 2021 to date of this publication, the Information Regulator is yet to update the existing guide.

4.4 Regulation 3 is inextricably linked to this guide and places an obligation on an Information Officer to keep a copy the guide, in at least two of the official languages, at his or her registered head office, for public inspection during normal office hours.

4.5 Regulation 3 further provides that an Information Officer must make available, upon the written request of any person, the number of copies of the guide in the official languages – as requested. Additionally, an Information Officer may not charge a fee for a copy of the guide nor for the inspection of a copy of the guide.

The duty of Information Officers to compile and keep a description of the categories of records that are voluntarily disclosed or automatically available

4.6 The Regulations require that an Information Officer of a:

4.6.1 public body “must” compile and keep a description of the categories of records that are automatically available without a requester having to request same; and

4.6.2 private body “may” compile and keep a description of the categories of records that are voluntary disclosed or automatically available without a requester having to request same

4.7 In this regard, Information Officers of private bodies must assess whether, in light of their business operations and particularly the information they process, it is practical to compile and keep a description of the categories of records that are voluntarily disclosed or automatically available.

4.8 The requirements for maintaining the above record is the same for both public and private bodies – to the extent that one is kept by a private body. The Regulations provide that the record must be:

4.8.1 updated as and when there are changes to the description of records; and

4.8.2 made available to the Information Regulator, the website of the body and for inspection at the registered office of the body concerned during normal office hours.

Information Officers must communicate and render assistance to requesters of information

4.9 Regulation 7 places an obligation on an Information Officer to render assistance to a requester and provides that once a request for information is made, the Information Officer must:

4.9.1 assist a requester with any request with regards to access to information; and

4.9.2 if a request for access is made orally as a result of illiteracy or disability of a requester, complete the required form on behalf of the requester and provide a copy thereof to the requester in terms of PAIA.

4.10Furthermore, an Information Officer must, if a request for access to a record is granted or refused, inform the requester of:

4.10.1 his/her decision; and

4.10.2 the fees payable in respect of the request.

Offences and Penalties

4.11 Regulation 16 provides for offences and penalties for non-compliance and provides that an Information Officer “who wilfully or in a grossly negligent manner” charges a fee not prescribed in the Regulations is guilty of an offence and is liable on conviction to a fine or to imprisonment for a period not exceeding two years.

4.12 In light of the foregoing sanctions, the importance of charging correct fees cannot be overstated and Information Officers must take note of this.

4.13 Interestingly, it is noteworthy to mention that the offences and penalties for non-compliance with the Regulations do not cover situations when an Information Officer may not comply with his/her other obligations, but appears to be somewhat limited to charging correct fees only.

4.14 However, that being said, this does not absolve an Information Officer from liability that may arise from non-compliance with his/her other obligations given that he/she may still be guilty of an offence in terms of section 90 of PAIA which provides that “a person who with intent to deny access in terms of this Act commits an offence and is liable on conviction to a fine or to imprisonment for a period not exceeding two years“.

The role of an Information Officer in the investigation of complaints by the Information Regulator

4.15 Once a complaint is initiated by a complainant regarding a decision made by an Information Officer and the Information Regulator decides to investigate the complaint, the Information Regulator will bring the complaint to the attention of the Information Officer of the body concerned and will inform him/her of its intention to investigate.

4.16 An Information Officer will then be afforded 20 working days after the receipt of the complaint from the Information Regulator to respond to the complaint and produce any item or document on which he/she based his or her decision on in a manner the Information Regulator requests.

4.17 Information Officers must keep in mind that, in complaint proceedings, the investigative power of the Information Regulator is similar to those enjoyed by the High Court in terms of section 80 of PAIA relating to the disclosure of records to it and non-disclosure of records by it. In this regard, section 80 empowers the Information Regulator to examine the record in question and provides that no record may be withheld from the Information Regulator.

5. Generally, the Regulations set out the procedure to be followed for accessing certain records of public and private bodies as well as political parties. To this end, the Regulations contain various forms dealing with, amongst others, requesting a copy of the guide (as mentioned in paragraph 4 above), requesting a record, the outcome of requests and fees payable for requests, lodging of internal appeals against request decisions and lodging of complaints with the Information Regulator.

Conclusion

6. The Regulations seek to ensure a seamless transfer of the functions of the SAHRC to the Information Regulator. Furthermore, the Regulations aim to set out the functions and procedures of the Information Regulator in a simple manner as evinced by the various procedures and forms contained therein guiding on how information access rights may be exercised.

7. Accordingly, it is important for Information Officers to take cognizance of these functions and procedures as custodians for giving effect to the rights of access to information in addition to the other responsibilities placed on them.

by Ahmore Burger-Smidt, Director and Head of Data Privacy and Cybercrime Practice and member of Competition Law Practice; and Dale Adams, Associate.

Read more about POPIA: A Guide to the Protection of Personal Information Act of South Africa.