With the POPIA frenzy of the last few months simmering down thanks to the extension by the Information Regulator for registering Information Officers and PAIA manuals alike, companies have been given more time to fully engage in discussions regarding what the new law means for them, and what obligations they need to fulfil. But do not be fooled by the extension and fall back into the routine of waiting for the last minute to get your POPIA ducks in a row. In this short article, we will unpack the role of the Information Officer in private organizations, and how it is not to be taken lightly.

Who is the Information Officer?

In terms of POPIA, as well as the Promotion of Access to Information Act (PAIA), Information Officers are automatically appointed based on their position in the company. Both Acts refer to the individual automatically appointed as the one who holds the office of CEO or an equivalent thereof. However, given the extensive nature of the responsibilities imposed upon the Information Officer, he/she may authorize another individual to fulfil this duty as well as appoint Deputy Information Officer(s). This must be registered with the Information Regulator prior to assuming the duties imposed.

When looking at appointing Deputy Information Officer(s) or authorizing another individual to act as Information Officer, regard must be had to what the role requires. Whilst there are no set qualifications or skills required of the Information Officer, it would be beneficial to ensure that whoever is fulfilling the role has a good understanding of the operations of the organization, has sufficient capacity to fulfil their duties and functions as required, has the support of the organization's management, and in some cases has a basic understanding of information technology as well as the legal side of it all.

Notwithstanding the role being authorized or designated to deputies, the individual that was automatically appointed under PAIA and POPIA will at all times maintain the accountability and responsibility thereof, and thus should ensure that if they will not be fulfilling the role themselves, that they choose the correct individual to assist them herein.

Duties of the Information Officer

As mentioned above, Information Officers must first be registered with the Regulator prior to assuming their duties. The duties they are required to fulfil are:

  • To encourage and ensure that the organisation complies with POPIA, as well as PAIA;
  • To ensure that they are registered with the Information Regulator;
  • To deal with any and all requests made in respect of POPIA;
  • To co-operate with the Information Regulator (including investigations that may be conducted);
  • To enable data subject participation;
  • To conduct personal information impact assessments;
  • To conduct internal awareness sessions; and
  • To develop, implement and monitor a compliance framework.

Liability of the Information Officer

While there are no set qualifications for the role of Information Officer, it is imperative to ensure that the right individual assumes the role, as there are great consequences for Information Officers where there is non-compliance with the Act. As the individual ultimately responsible for ensuring the organization's compliance with POPIA, the Information Officer may be held personally liable for any issue of non-compliance. In these instances, the results may range from the imposition of a hefty fine to imprisonment.

Conclusion

Although POPIA has been looming for several years, many organizations and individuals are still unclear on what is required from them as well as how to ensure that there is overall compliance with the law. The consequences are dire for the organization as well as Information Officers should there be non-compliance and for this reason, it is imperative that you do not delay on taking the necessary steps to ensure your organization is POPIA compliant, as well as to ensure your employees are sufficiently trained to assist herein.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.