Responsibilities of Information Officers
With Regulation 4 being effective as from 1 May 2021, information officers will be required to comply with the following:
- develop, implement, monitor and maintain a compliance framework;
- undertake a personal information impact assessment to ensure that adequate measures and standards exist;
- develop, monitor and maintain an access to information manual required in terms of the Promotion of Access to Information Act 2 of 2000 (PAIA) (commonly known as a PAIA manual);
- develop internal measures and systems to process requests for information or access; and
- conduct internal awareness sessions.
This would mean that the Information Regulator is likely to communicate the mechanism or process to allow for the registration of information officers in the coming weeks, in order that information officers may assume their duties.
Issuing a code of conduct under the Guideline
Chapter 7 of POPIA provides for the development of codes of conduct which may apply to certain types of personal information, specific industries, professions, bodies or to specific types of activities.
The Guideline which has been published, is for the development of codes of conduct by the relevant industry bodies in terms of section 65 of POPIA. The Guideline provides guidance to industry bodies on the making of an application for a code of conduct to be approved by the Information Regulator. The Regulations prescribe the form for such application to the Information Regulator which may be submitted as from 1 March 2021.
With the remainder of the Regulations to commence on 1 July 2021, it is now more important than ever for businesses to ensure that their processing of personal information complies with the provisions of POPIA.