ARTICLE
21 September 2021

The Role Of The Information Officer Under POPIA

SI
SchoemanLaw Inc.

Contributor

SchoemanLaw Inc. logo
SchoemanLaw Inc Attorneys, Conveyancers and Notaries Public, based in Cape Town, is a boutique law firm offering its clients access to high quality online legal documents and agreements, together with a wide range of legal services. The firm has an innovative and entrepreneurial mind-set that distinguishes it from other law firms. We apply our first-hand understanding of the challenges facing entrepreneurs (regardless of their business size) to develop proven, practical solutions incorporating legal compliance, risk aversion and business sense. We achieve this by offering clients tailored, yet holistic support comprising of legal gap analysis, the construction of tailored legal solutions and the practical implementation thereof through training and automation.
Explore
The Acts both refer to the individual automatically appointed being one which holds the office of CEO or an equivalent thereof.
South Africa Corporate/Commercial Law
Photo of Schoemanlaw Inc.
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

With the POPIA frenzy of the last few months simmering down thanks to the extension by the Information Regulator for registering Information Officers and PAIA manuals alike, companies have been given more time to fully engage in discussions regarding what the new law means for them, and what obligations they need to fulfil. But do not be fooled by the extension and fall back into the routine of waiting for the last minute to get your POPIA ducks in a row. In this short article, we will unpack the role of the Information Officer in private organizations, and how it is not to be taken lightly.

Who is the Information Officer?

In terms of the POPIA, as well as the Promotion of Access to Information Act (PAIA), information officers are automatically appointed based on their position in the company. The Acts both refer to the individual automatically appointed being one which holds the office of CEO or an equivalent thereof. However, given the extensive nature of the responsibilities that are imposed upon the Information Officer, he/she may authorize another individual to fulfil this duty as well as to appoint Deputy Information Officer(s). This must be registered with the Information Regulator prior to assuming the duties imposed.

When looking at appointing a Deputy Information Officer(s) or authorizing another individual to act as Information Officer, regard must be taken to what the role requires. Whilst there are no set qualifications or skills that is required of the Information Officer, it would be beneficial to ensure that whoever is fulfilling the role has a good understanding of the operations of the organization, has sufficient capacity to ensure they fulfil their duties and functions as required, that they have the support of management of the organization, and in some cases a basic understanding of information technology as well as the legal side of it all.

Notwithstanding the role being authorized or designated to deputies, the individual that was automatically appointed under PAIA and POPIA will at all times maintain the accountability and responsibility thereof, and thus should ensure that if they will not be fulfilling the role themselves, that they choose the correct individual to assist them herein.

Duties of the Information Officer

As mentioned above, the Information Officers must first be registered with the Regulator prior to assuming their duties. These duties that they are required to fulfil are:

  • To encourage and ensure that the organisation complies with POPIA, as well as PAIA;
  • To ensure that they are registered with the Information Regulator;
  • To deal with any and all requests made in respect of POPIA;
  • To co-operate with the Information regulator (including investigations that may be conducted);
  • To enable data subject participation;
  • To conduct personal information impact assessments;
  • To conduct internal awareness sessions; and
  • To develop, implement and monitor a compliance framework.

Liability of the Information Officer

While there are no set qualifications for the role of Information Officer, it is imperative to ensure that the right individual assumes the role as there is great consequences for Information Officers where there is non-compliance with the Act. As the individual ultimately responsible to ensure the organizations compliance with POPI, any issue of non-compliance may result in the Information Officer being held personally liable. In these instances, the results may range from the imposition of a hefty fine, to imprisonment.

Conclusion

Although POPIA has been looming for several years, many organizations and individuals are still unclear on what is required from them as well as how to ensure that there is overall compliance with the law. The consequences are dire for the organization as well as Information Officers should there be non-compliance and for this reason, it is imperative that you do not delay on taking the necessary steps to ensure your organization is POPIA compliant, as well as to ensure your employees are sufficiently trained to assist herein.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Schoemanlaw Inc.
Schoemanlaw Inc.
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More