South Africa’s Information Regulator’s Popia Launches Live Online Portals

South Africa’s Information Regulator’s Popia

The Information Regulator has established online portals for public and private bodies to use to submit their Promotion of Access to Information Act (Paia) section 32 reports and to register their information officers (IOs).

In a statement, the regulator said the online portals are meant to improve efficiency. It has promised quick turnaround for submission of section 32 reports and registration of IOs.

“Manual applications will continue to be administered to accommodate special circumstances. However, we strongly encourage all public and private bodies to use the portals because it is cost-effective and saves time.

The regulator exercises its powers and performs its functions in accordance with Popia and Paia

South Africa’s Information Regulator’s Popia

“The regulator exercises its powers and performs its functions in accordance with Popia and Paia. Its mandate is to enforce and monitor compliance by public and private bodies with the two pieces of legislation, so as to ensure the protection of information and effective access to information for all persons,” it said.

Read also : Nigerian Fintech Startup Vella to Boost Borderless Money Transfers

Paia gives effect to section 32 of the constitution, which provides that everyone has the right of access to any information that is held by the state as well as any information that is held by another person that is required for the protection of any rights.

Section 32 of Paia applies to public bodies, which are any departments of state or administration in the national, provincial and local municipalities, or any other public institution exercising power in terms of the constitution.

Public bodies also include any other institution exercising public power or performing a public function in terms of any legislation.

IOs are obligated to submit section 32 reports to the regulator annually. IOs are by default the heads of departments, administrations and municipalities, such as director-generals and municipal managers.

“The purpose of the report is to give an account of the number of requests for access received; access granted in full; access granted in terms of section 46 (mandatory disclosure in the public interest); access refused fully or partially; cases extended; internal appeals to relevant authority; and the number of internal appeals that were refused on the ground that an internal appeal was regarded as having been dismissed,” the Regulator explained.

The annual reports currently due for submission are for the financial period 2021/2022. Public bodies must submit their annual reports by 9 September 2022. 

Read also : Cameroon’s Taaply Raises $500K To Digitize Business Cards

Popia was enacted to promote the protection of personal information processed by public and private bodies and introduces minimum conditions for the lawful processing of personal information, and an obligation on IOs of public and private bodies to designate and delegate any power or duty to deputy IOs.

Public and private bodies who had registered using the manual registration and received their certificates are advised not to reregister.

“The registration portal is for public and private bodies to register their IOs with the regulator before an IO assumes their duties. The IO is responsible to ensure that the body complies with the eight conditions for lawful processing of personal information,” the regulator said.

The Information Regulator had previously introduced a manual process for registration, which was used while it was reconfiguring the online system that had technical glitches in 2021.

“Public and private bodies who had registered using the manual registration and received their certificates are advised not to reregister. The portal has been upgraded and will have the functions to register IOs, allow for amending, and updating details of the respective bodies.

Read also : Nigerian Fintech Startup Vella to Boost Borderless Money Transfers

“Public and private bodies should comply with these requirements and use the portals made available. It is to be noted that non-compliance with these statutory requirements is a contravention of the law.”

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry

Schools May Face Penalties for PoPIA Non-Compliance in South Africa

President Cyril Ramaphosa

 

South African authorities have warned that with the third wave of COVID-19 crashing upon the country and amidst increasing calls for schooling to be temporarily suspended, it could prove helpful for educational institutions across the country to use the time away from teaching to put some focus into protecting their data privacy.

President Cyril Ramaphosa
President Cyril Ramaphosa

Schools and other tertiary institutions store and process more personal information than most other organisations, they are by far the most affected by the Protection of Personal Information Act, No 4 of 2012 (PoPIA), which comes into effect on 1 July 2021.

Read also:South Africa Imposes Another Booze Restrictions as 3rd Wave Soar

In terms of the data protection laws, all private and public bodies processing personal information, are required to have implemented policies and procedures in order to be compliant. This is including bodies in the education sector.

Many of these institutions have heaps of old computer equipment lying in their storerooms. This equipment has huge amounts of data, not only on the pupils but on parents and teachers as well. This provides significant private information concerns. Reckless disposal of electronics is a huge source of illicit information and it often puts schools at risk.

Xperien ITAD specialist Bridgette Vermaak warns schools to comply by ensuring that the data on all their retired electronics is erased or destroyed according to the PoPIA regulations.

Read also:How South African Government Lost Majority Stake in South African Airways

“Deleting files is not sufficient. Data erasure and IT asset disposal have legislative requirements, compliance to PoPIA, the National Environmental Waste Management Act 2008 (NEMWA 2008), the Consumer Protection Act 68 of 2008 (CPA) and General Data Protection Regulations (GDPR),” Vermaak says.

According to legislation, schools and other tertiary institutions are required to manage the complete destruction of all data when IT assets reach end-of-life. PoPIA requires them to practice due diligence and ensure their storerooms go through the expected data erasure techniques essential to protect company data.  

Schools that manage IT asset disposition internally continue to struggle with data security and proper environmental recycling. Efficient IT infrastructure life cycle management and secure IT asset disposition (ITAD) can help them maximise value at every stage of their technology investment.

IT Asset Disposal (ITAD) services have become a legal requirement; they are no longer a luxury. It is crucial to find a professional ITAD provider that can offer data sanitisation and destruction services to protect the data.

Read also:New $155m Fund For African Solar Energy Businesses, Courtesy Of AREF II Fund

Value recovery is a crucial part of the process, schools need to receive fair market value for end-of-life and redundant IT equipment. Professional ITAD service providers normally offer to purchase these assets, this includes the collection, data erasure and reporting. More importantly, most of these institutions are also missing out on the opportunity to get money back for their used IT equipment.

Schools also need to implement a data protection programme that aims at helping pupils understand their responsibilities. Children must understand the implications of unauthorised publishing of personal information and images of third parties, including all social media platforms like Whatsapp, Facebook and Instagram.

It could cause serious harm to the school, its stakeholders and its learners, concludes Vermaak.

 

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry