Jun 30,2021 / News / E-Bulletin

by Ahmore Burger-Smidt, Director and Head of Data Privacy and Cybercrime Practice and member of Competition Law Practice; and Dale Adams, Associate

 

  1. The Information Regulator is more than a Protection of Personal Information Act 4 of 2013 (“POPIA“) As of 30 June 2021, the Information Regulator will be taking over the regulatory mandate functions relating to the Promotion of Access to Information Act 52 of 2000 (“PAIA“).[1]
  2. This follows a proclamation by the President of sections 110 and 114(4) of POPIA which provides for the amendment of PAIA and the effective transfer of certain functions currently performed by the South African Human Rights Commission (“SAHRC“) to the Information Regulator on 30 June 2021. This was further confirmed by the Information Regulator in a media statement published on 29 June 2021.
  3. One of the key changes brought about by the Information Regulator assuming the functions of the SAHRC relate to PAIA manuals, the scope of information that the manual must cover has been widened to include matters relating to the processing of personal information in terms of POPIA. Section 17 of POPIA read with section 51(1) of PAIA provides that a responsible party must maintain a record of all processing operations (activities) under its responsibility in a PAIA manual. This therefore means that existing PAIA manuals must be updated to take into account the requirements of POPIA such as, amongst others, –3.1 purposes of the processing;

    3.2 a description of the categories of data subjects and the types of personal information relating thereto; and

    3.3 planned transborder flows of personal information.

  4. PAIA gives effect to section 32 of the Constitution[2] which provides for the right of access to information in a manner that affords persons a means to obtain the records of private and public bodies in a speedy, inexpensive and easy manner. In this regard, some key objectives of PAIA are to promote transparency, accountability and effective governance of all public and private bodies, as well as to assist the members of the public to effectively scrutinise and participate in decision making by public bodies.
  5. In an attempt to “simplify” the compilation process of PAIA manuals in terms of section 51 that applies to public entities, the Information Regulator announced that it will publish PAIA manual templates in due course to serve as a guide. This should go a long way in assisting especially small and medium sized companies. These manuals will be an absolute requirement in time to come.
  6. To date there has been an exemption in place that has made provision that smaller private bodies was not required to develop and implement such a manual. This exemption expires on 30 June 2021.
  7. Minister of Justice and Correctional Services, Mr. Ronald Lamola, on 29 June 2021 extended the current exemption by a further six (6) months effective from 1 July 2021 to 31 December 2021. This will afford private bodies that are currently exempted adequate time to compile their PAIA manual including a section dealing with POPIA.
  8. Looking forward, effective from 1 January 2022, all public and private bodies (including those that are currently exempted) must have their PAIA manuals available at their principal place of business or on their website.
  9. This is an aspect that requires attention and should not be neglected. Six months is not a long time to get your house in order.

[1] See the media statement by the Information Regulator, dated 29 June 2021 available at https://www.justice.gov.za/inforeg/docs/ms-20210629-PAIA-SAHRC.pdf, accessed on 30 June 2021.

[2] The Constitution of the Republic of South Africa, 1996.