Who is the Information Officer?
The Information Officer of a business is by default the owner of a business. In the case of a sole proprietor the Information Officer will be the sole proprietor or duly authorised by the sole proprietor. In the case of a partnership, any partner of the partnership or any person duly authorised by the partnership. In the case of a juristic person, the chief executive officer (CEO) or equivalent officer of the juristic person or any person duly authorised by that officer or the person who is acting as such or any person duly authorised by such acting person. The business may appoint deputy Information Officer(s) to assist the Information Officer to perform their duties and responsibilities. The Information Officer will however be the ultimate responsible person to report to the Information Regulator.
What is the duties and responsibilities of the Information Officer?
- The encouragement of compliance, by the business, with the conditions for the lawful processing of personal information.
- Dealing with requests made to the business pursuant to the Protection of Personal Information Act (POPI).
- Working with the Regulator in relation to investigations conducted pursuant to prior authorisation required to process certain information of this Act in relation to the business.
- Ensuring compliance by the business with the provisions of this Act. This is an ongoing responsibility that will include training of new staff and to update internal policies.
Where will the Information Officer be registered?
The business and the Information Officer as representative of the business must be registered at the Information Regulator.
Who is the Information Regulator?
The Information Regulator is a new Regulator that has been created by the POPI Act. The sections of POPI that relate to the Information Regulator have already commenced. The Information Regulator is a juristic person which has jurisdiction throughout the Republic. It is independent and is subject only to the Constitution of South Africa and to law and must be impartial and perform its functions and powers without fear, favour and prejudice and in accordance with the POPI and PAIA Act. The Information Regulator is accountable to the National Assembly. The office of the Information Regulator will be made up of Advocate Pansy Tlakula as the chair, Advocate Cordelia Stroom and Mr Johannes Weapond as full-time members, and Prof Tana Pistorius and Mr Sizwe Snail as part-time members.
More details on the information regulator at http://www.justice.gov.za/inforeg/
What are the consequences for the Information Officer and the business for not complying with the POPI Act?
The business may be charged with an administrative fine or the Information Officer may be imprisoned if a section/sections of this Act are contravened. The fines may not exceed R10 million and imprisonment may not exceed 10 years.
It is therefore very important that the Information Officer ensures that the business complies with the POPI Act and that all the POPI procedures in the business are updated on a regular basis. The Information Officer must ensure that personal information is lawfully processed, safeguarded and destroyed as it could have serious consequences for the business and for the Information Officer in their personal capacity if the business does not comply with the POPI Act.
ABOUT THE AUTHOR
Werner Brückner is currently the SEESA Consumer Protection & POPI Provincial Manager. He obtained his LLB degree cum laude from the University of Pretoria in 2002, after which the attended School for Practical Legal Training at University of Pretoria. He is an admitted attorney, notary and conveyancer of the High Court of South Africa. Prior to joining SEESA Consumer Protection & POPI in 2010, he worked as a SEESA Labour Legal Advisor in Cape Town since 2004.