Enforcement Committee beefs up powers of Information Regulator

The committee comprises 14 experts in information security, education, finance accounting, auditing, actuarial science, forensics and criminal investigations. They’ll be able to make recommendations for criminal action and the only recourse is through the courts.
A year after the Information Regulator’s enforcement powers came into effect on 1 July 2021, it has finally established an enforcement committee to take on matters related to the Protection of Personal Information Act (Popia) and the Promotion of Access to Information Act (Paia).
That’s bad news for private and public entities accused of being sloppy with personal information or that have failed to comply with Paia applications.
Based on the global data privacy standard, the European Union’s General Data Protection Regulation, Popia protects the right to privacy, as set out in Section 14 of the Constitution by holding every company, public entity and organisation accountable for how they collect, store, process and use data.
Paia upholds the Constitutionally guaranteed right to access information. Section 32(1) of the Bill of Rights provides for the right of access to information held by the state; and any information held by another person that is required for the exercise or protection of any rights.
Popia requires every responsible party (i.e. the person accountable for the processing of personal information within a public body or organisation, ultimately the CEO, municipal manager or director-general) to appoint and register an information officer with the Information Regulator.
Paia, meanwhile, holds those information officers responsible for providing access to personal information, while Popia obliges them to comply with data processing. The latter also requires information officers to ensure compliance with Popia and to assist the regulator with investigations.
The two pieces of legislation, therefore, balance the right to privacy with the right to access to information.
The Enforcement Committee, which will be chaired by advocate Helen Fourie SC, with Simonè Margadie as the alternative chairperson, comprises 14 independent members with expertise in law, information security, education, finance accounting, auditing, actuarial science, forensics and criminal investigations.
It will make findings on Paia and Popia complaints and make recommendations to the Regulator.
Visit Daily Maverick’s home page for more news, analysis and investigations
During the induction of the committee on 22 July 2022, Information Regulator advocate Pansy Tlakula hailed the inauguration as a “historic moment” for the body because, for the first time since its establishment in 2016, it can now enforce its powers and “provide an effective remedy to the complainants whose right to privacy ...