The Information Regulator released the Information Regulator Strategic Plan for 2017 – 2020 on 9 June 2017. This plan is quite important and requires all private and public bodies to sit up and take note. It contains an explanation of the key strategic goals that the Information Regulator has set for itself for the implementation of POPIA and PAIA – laws that affect all those persons and organisations. Every organisation should familiarise themselves with the plan. This plan presents an opportunity to start engaging with the Information Regulator, receive advice on how to comply, and possibly influence how it will implement POPIA and PAIA.
Is the POPIA commencement date in the Information Regulator Strategic Plan?
The short answer is: No, the plan does not provide us with a POPIA commencement date, but it does provide good insight into how the Information Regulator will implement POPIA. The plan outlines the Information Regulator’s strategic goals for the next few years, particularly including 2017 and 2018. It is unlikely that POPIA would commence before the Information Regulator has made good progress on these goals. This indicates that the commencement date will likely be around the middle or end of 2018, after the Information Regulator has laid a lot of the groundwork it outlines in its plan. It is, however, possible that the Information Regulator may set an earlier commencement date, somewhere in the beginning of 2018 perhaps.
Why is the Information Regulator Strategic Plan important for you?
The plan is important because it outlines the Information Regulator’s role in enforcing data protection and access to information. It indicates that the Information Regulator is more focussed on starting its work by actively helping organisations comply with POPIA and PAIA, before moving on to punishing any non-compliance by those organisations. Amongst its other mandates, the Information Regulator will:
- Help public and private bodies in various industries develop and improve their codes of conducts by advising them and issuing guidelines,
- Draft regulations, and
- Advise or mediate in disputes related to data protection and access to information.
The plan also outlines seven strategic goals that the Information Regulator has, namely:
- raising awareness and understanding about rights related to data protection and access to information,
- creating an environment where there are no laws, policies and technologies hindering data protection and access to information,
- ensuring the proper regulation of data protection and access to information,
- building a good relationship with public and private bodies and ensuring that they know the law,
- resolving complaints and ensuring proper protection of information and access to it,
- conducting research on international data protection and access to information laws, and
- ensuring its general functionality and independence.
Another important aspect of the plan is its mention of litigation that the Information Regulator has already involved itself in. In the Black Sash Trust v Minister of Social Development and Others case, the Constitutional Court, the highest court in South Africa, showed its willingness to adopt the Information Regulator’s interpretations on data protection. This means that just because POPIA has not commenced yet does not mean that data subjects cannot involve both the courts and the Information Regulator in order to take action against an organisation that has failed to protect their personal information. The Information Regulator’s intervention in any case (before POPIA becomes effective) will serve to guide the courts on how to apply the current common law and constitutional principles on the right to privacy. In a speech it released on 17 March 2017, the Information Regulator hailed the judgment and emphasised the dawn of a new era in our society.
Ultimately, whether you are a public or private body, you must follow all the developments closely for the next 18 months. It will be important to engage with the Information Regulator sooner rather than later. This may include asking the Information Regulator to intervene in disputes, for example, that you have about data protection or access to information.
For more on the strategic goals, you can read a copy of the Information Regulator Strategic Plan.
Actions you can take
- Find out more about the Information Regulator and how to comply with POPIA by asking us to advise you on Privacy and Data Protection.
- Comply with the laws on access or freedom of information that apply to you by asking us to answer your questions on Access to Information Law.
- Be alerted to any new developments by subscribing to our newsletter.