South Africa’s Information Regulator conducts PAIA compliance assessments on public and private bodies in terms of section 77H of the Promotion of Access to Information Act (PAIA). PAIA plays a crucial role in an organisation’s transparency and accountability to the public. South Africa’s Information Regulator has certain responsibilities to monitor an organisation’s compliance with PAIA, including commencing PAIA compliance assessments.
Recently, the regulator requested that the heads of all private bodies submit a PAIA section 83(4) report (PAIA report) to them through their portal. The deadline to submit the reports is 30 June every year. Public bodies also need to submit PAIA section 32 reports. All organisations must submit their report by the deadline.
Private and public bodies need to submit their PAIA reports yearly
Suppose a private or public body fails to submit a report, or the report is not sufficiently complete or accurate. In that case, the regulator may launch an assessment into the organisation’s PAIA compliance. The regulator has already announced that it will assess political parties’ compliance soon.
PAIA assessments
Section 77H of PAIA empowers the regulator to conduct PAIA assessments on organisations to determine whether a public or private body generally complies with the provisions of PAIA, especially with regards to policies and implementation procedures.
We think this is an example of the regulator’s intention to make sure high public interest entities are compliant.
During the compliance assessment, the regulator may:
- Request information: The regulator can request relevant documents, policies, procedures and records from organisations. This is to assess if the organisation has proper systems to manage and respond to information requests.
- Inspect premises: The regulator may request that it visits an organisation’s premises to verify compliance with PAIA. This could mean examining physical records, observing information management practices, and evaluating the organisation’s overall commitment to promoting access to information.
- Interview staff: The regulator can interview an organisations to gather information about the processes and procedures followed when handling information requests. These interviews help determine the organisation’s level of compliance with PAIA.
What happens if the regulator finds that the organisation does not comply with its obligations under PAIA? In this instance, the regulator:
- can provide guidance and recommendations to help organisations rectify the issues,
- issue enforcement notices, or
- take further legal action if necessary.
Ultimately, a PAIA assessment will impact an organisation’s business operations. These assessments could be significantly time consuming and resource intensive too. You’ll want to do what you can to prevent being assessed.
Examples of a PAIA compliance assessment the Regulator has conducted
- Social media platforms. In 2024 the regulator conducted PAIA compliance assessments into Google, Facebook and TikTok. The regulator’s assessments of the social media platforms are an indication of the extra-territorial reach of PAIA.
- Law firms. The regulator conducted PAIA compliance assessments into seventeen law firms including the firms known as ‘the big five’ (Bowmans, Cliffe Dekker Hofmeyr, ENSafrica, Webber Wentzel and Werksmans).
- Schedule 2 public entities. The regulator assessed Schedule 2 public entities including the Development Bank of Southern Africa, Eskom, Telkom SA, and Transnet.
Actions you can take regards a PAIA compliance assessment
- Pass the PAIA compliance assessment by asking Michalsons to guide you through the process.
- Make sure you will pass the regulator’s assessment by joining our access to information programme and checking that you have taken the necessary action.
- Decide if you are a low public interest organisation or a high public interest organisation. Low public interest organisations can read what they should do.
- Submit the s83(4) report before the deadline to prevent being assessed by the regulator. You can do it yourself, or you can ask us for help.
- Get empowered to submit the s83(4) report yourself, and stay on top of PAIA developments by joining our access to information programme. We are holding a members-only webinar on 8 June 2023 called submitting your PAIA report to give you guidance. This is an aspect of our module called dealing with the information regulator. Our programme also helps you with all other aspects of access to information.
- Avoid the administrative burden of submitting the PAIA report by asking us to submit it for you on your behalf.
- Avoid getting an information notice from the regulator for failure to submit correct, detailed information by asking us for advice.