When, in the early 1990s, the personal computer was becoming popular in South Africa, people were slowly but surely starting to migrate physical activity to a digital form. Soon, programs like Microsoft Word became a home and office staple. After the shift from physical data processing to digital data processing, came the shift from manual digital processes to automated processes. This digitalisation of data has brought many challenges to protecting privacy rights and thereby protecting individuals.
For this reason, data privacy laws and regulations have become prominent in national legislatures across the world. For South Africa, the laws set in place to govern the protection of private information is by way of the Promotion of Access to Personal Information Act (PAIA) as well as the Protection of Personal Information Act (POPI).
By law, all businesses or other entities who process personal information need to have a variety of measures in place to ensure the protection thereof. One of these measures is to give the responsibility of protecting information over to a responsible party within a business and hold them accountable for the use/misuse of the data they hold.
Who should I appoint as Information Officer?
By default, PAIA makes someone responsible for personal data that is processed on behalf of their business. In most cases this default person is simply the owner of the business. However, business owners may appoint someone else as Information Officer to take responsibility for the business’s handling of data.
While there are no official qualification requirements for Information Officers, it is highly advisable that you appoint a person with experience in managing digital assets. And, depending on the size of your organisation and the quantity of personal information you store, manage, and use, you may opt to create a permanent role for the Information Officer. You could also choose to give over responsibility to an outside party – however, the additional risks of this approach must be considered.
What is the role of the Information Officer?
An Information Officer, as laid out in the POPI Act, is responsible for the following:
What must the POPI manual elucidate?
The points listed above are not exhaustive but give a good overview of what can be expected of an Information Officer. For further information, or to put a thorough process in place for POPI compliance, it is highly advised that you speak to your advisor regarding the necessary subsequent steps to take.
This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your legal adviser for specific and detailed advice. Errors and omissions excepted (E&OE)