Picture yourself sitting on your couch at home, casually flicking through channels. The Information Regulator and data protection are the last things on your mind; and yet there you are, stumbling onto a press conference the Information Regulator is holding. In it, they’re talking about the trends they’ve noticed in data protection and access to information. Adv Pansy Tlakula’s face appears on your TV screen, unsmiling and annoyed. She says not enough organisations care about protecting personal information or take the measures necessary to protect it. In fact, she says, organisations aren’t even seeing the importance of access to information at all.
What goes through your mind? Are you worried? Are you thinking, in that moment, that it’s only a matter of time before the Information Regulator gets you? Or are you at ease, completely laid back, with one leg even rested on the armrest? Are you unworried because you know that your organisation is hitting the sweet spot of data protection and access to information, that if Adv Tlakula came to inspect your organisation, she’d smile more than you did in your graduation or wedding photos?
How do you make the Information Regulator happy?
Allow me the chance to sound silly for a moment… Making the Information Regulator happy doesn’t involve tickling any of the members of that office. It doesn’t involve buying anyone cake. In fact, I’ll go as far as saying it doesn’t involve quoting Adv Tlakula’s favourite author in an email you send to her. The answer lies in something both simple and a bit complex: care about people and protecting their personal information. In reading this, I know you’re immediately asking: Sicelo, how does caring about people and data protection make the regulator happy, and how do I show that I care?
Before I get to the answer, here’s a thought to get your blood flowing:
The Information Regulator is like the taxman, they always find a way to get you…
Now that your blood is pumping, let me help you relax again: there’s no need to panic. The regulator isn’t out to get you. They’re out to enforce PAIA and POPIA. And, with that in mind, let me list some of the things you can do to make them happy:
- Formally appoint and train an Information Officer to ensure that you have someone to drive your data protection project, someone the regulator can talk to if they want to reach out to your organisation. Also, be sure to register the officer.
- Understand that people who interact with your organisation are relying on you to put security measures in place to protect their personal information. Those people want you to spend the right amount of time thinking about data protection, and not to push the issue to the bottom of your list of priorities.
- Work out what else your organisation may have to do in respect of access to information, in addition to getting a PAIA Manual in place.
- Be sure to occasionally visit the Information Regulator’s website. Don’t be a stranger to it, because there’s useful information you might miss out on.
- Lastly, quickly work out what you think you can do yourself and what you can’t. In my time helping clients, I’ve seen many data protection projects fail because the client didn’t realise that some things just need external expertise.
There are many more tips I can give you to help you work out a way forward in respect of data protection and access to information. These are vast topics, however, and it isn’t possible to summarise them in one post.