Duties and Responsibilities of the Information Officer in terms of the Protection of Personal Information Act No 4 of 2013 (“POPIA”)
By law, both public and private bodies must have an information officer.
In terms of POPIA:
A “private body” means
(a) a natural person who carries or has carried on any trade, business or profession but only in such capacity;
(b) a partnership which carries or has carried on any trade, or business or profession;
(c) any former or existing juristic person, but excludes a public body.
A “public body” means
- any department of state or administration in the national or provincial sphere of government or any municipality in the local sphere of government; or
- any other functionary or institution when:
  - exercising a power or performing a duty in terms of the Constitution or a provincial constitution; or
  - exercising a public power or performing a public function in terms of any legislation.
The information officer and deputy information officer(s), if applicable, are required to be registered with the Information Regulator.
Guidance by the Information Regulator in April 2021 has indicated, amongst other things, that the Information Officer:
- must be registered in respect of each subsidiary within a group of companies;
- must report to the highest management office within the body; and
- must have a reasonable understanding of the business operations and processes of the body.
The responsibilities and duties of an information officer in terms of POPIA and the regulations include:
- Developing, implementing, monitoring and maintaining a compliance framework.
The extent of this exercise will differ from organisation to organisation, and internal or external assistance may be required.
- Conducting personal information impact assessments to ensure adequate systems and measures exist to ensure compliance with POPIA.
- Developing and implementing a Promotion of Access to Information Act (“PAIA”) manual; however, there is currently an exemption in respect of certain private bodies until the end of 2021.
- Ensuring that internal measures and adequate systems are in place to address requests to the organisation in respect of information.
- Conducting staff awareness sessions addressing the provisions of POPIA, the regulations, codes of conduct, if any, and information obtained by the regulator.
Further, the information officer will be required to:
- Encourage and otherwise ensure compliance with POPIA;
- Deal with requests made to the body in terms of POPIA;
- Work with the regulator regarding investigations in respect of the body.
Additional responsibilities may be prescribed in time.
The information officer of a public body has an additional reporting function under section 32 of PAIA, in terms of which information officers must report to the Information Regulator regarding the number of requests made in respect of access to information and how these have been addressed. The Information Regulator may require a private body to furnish it with information pertaining to requests made to the private body in terms of PAIA.
Article by Lisa Boogaard
19 Sep 2021