Section 50(1) of the Protection of Personal Information Act 4 of 2013 (POPIA) directs the Information Regulator to appoint an Enforcement Committee (the Committee).
In terms of section 92 of POPIA, where the Information Regulator has completed an investigation of a complaint or other matter in terms of POPIA, it may refer the complaint or other matter to the Committee for consideration.
In addition, section 77C of the Promotion of Access to Information Act 2 of 2000 (PAIA) states that the Information Regulator may refer to the Committee any complaint it receives that a public or private body has failed to comply with any duty imposed on it by PAIA.
In terms of section 93 of POPIA, when a complaint is referred to the Committee by the Information Regulator, the Committee must consider the complaint and make a finding. In this regard, the Committee may make any recommendation to the Information Regulator necessary or incidental to any action that should be taken against a responsible party in terms of POPIA, or against the information officer or head of a private body (in terms of PAIA).
Based on the Committee’s recommendations, whether in terms of POPIA or PAIA, the Information Regulator may issue a party in default with an enforcement notice, requiring it to take or refrain from any specified action. A party (in the case of a company, its information officer) found to have committed an offence in terms of POPIA or PAIA may be issued an administrative fine as high as R10 million per offence, and potentially even imprisonment of up to 10 years.
POPIA came into effect on 1 July 2021. In the period since then, 150 PAIA complaints and 544 POPIA complaints have been submitted to the Information Regulator.
On 4 August 2022, the Chairperson of the Information Regulator announced the establishment of the Enforcement Committee and appointed Advocate Helen Fourie SC as the chair of the Committee and Ms Simonè Margadie as the alternative chair. The Committee comprises of 14 independent experts with a variety of pertinent backgrounds.
As a result, the Information Regulator’s capacity to enforce its powers and assist complainants whose right to privacy and right of access to information has been infringed will be considerably enhanced. Parties responsible for processing personal information or faced with requests for access to information can now expect the Information Regulator to be far more proactive in taking action to ensure that PAIA and POPIA are complied with.
For assistance, contact: Ryszard Lisinski: Tel: +27 11 328 9333 | Email: firstname.lastname@example.org Ian Jacobsberg: Tel: +27 11 328 1756 | Email: email@example.com