The Protection of Personal Information Act (POPIA) requires every public or private body that determines the purpose of, and means for the processing of, personal information to appoint and register an information officer and deputy information officer with the Information Regulator.
Who is the Information Regulator?
One can describe the Information Regulator as “an independent body established in terms of section 39 of the Protection of Personal Information Act 4 of 2013. It is subject only to the law and the constitution and is accountable to the national assembly.”
The Information Regulator is able to promote, enforce and fulfil the rights protected by the Protection of Personal Information Act (POPIA), 2013(act 4 of 2013) and the Promotion of Access to Information Act (PAIA), 2000 (act 2 of 2000).
Section 41(1) of the POPIA provides that the Information Regulator comprises a Chairperson and four other persons, as ordinary members of the Information Regulator.
The section further mentions that these members of the Information Regulator must be appropriately qualified, fit and proper persons: –
- At least one of whom must be appointed on account of experience as a practising advocate or attorney or a professor of law at a university; and
- The remainder of whom must be appointed on account of any other qualifications, expertise and experience relating to the objects of the Regulator.
Section(41)(2) provides the capacity in which the Chairperson and the members are appointed. The President appoints the Chairperson and the members of the Regulator. Subsection (3) notes that these members of the Regulator can only be appointed for only five years, and thereafter, they will be eligible to be reappointed.
Duties and Functions of the Information Regulator
The Information Regulator issues Codes of Conduct to bodies and assists these bodies with guidelines for developing and applying these Codes of Conduct.
The Codes of Conduct are introduced in Chapter 7 of the POPIA and contribute to the correct implementation of the eight conditions for the lawful processing of personal information, which are stipulated in Chapter 3 of the POPIA Act.
Complaints and the lodging of same are provided in Chapter 10 of the POPIA Act, and these are lodged with the Information Regulator.
These are complaints regarding any interference of any personal information that is to be protected. Any natural person and/or data subject can submit complaints to the Regulator, whether it directly or indirectly affects them.
In terms of section 73 of the POPIA, it notes what the interference with the protection of the personal information of a data subject consists of, and failing to avoid these interferences can cause a complaint being lodged. Section 76 further notes that the Regulator may investigate upon receiving the same complaint and the manner in which the investigation is to be conducted. It must be noted that the Regulator may, however, on own initiative institute an investigation into the interference with the protection of personal information of a person should the need arise.
Contact your nearest SEESA office for Consumer Protection assistance. Alternatively, leave your contact details on our website for a legal advisor to contact you.
About the Author:
Shanay Reddy started her career at SEESA in 2016 and is currently a Consumer Protection and POPI Legal Advisor SEESA’s Durban branch. Shanay obtained her LLB from The University of South Africa in 2019.
Resources: