The Protection of Personal Information Act (Popi) impacts any person or organisation who holds any form of personal data. Corruption Watch is one of these organisations, and we take our responsibilities as a custodian of private information seriously.

We have put security measures in place that include Secure Socket Layer-encryption on our online report forms, encryption of whistleblower reports prior to storage in our database, and a firewall for all web traffic to help prevent distributed denial-of-service or brute force attacks. We also have a two-step authentication process for back-end access to our website. We do not hold any donor data on-site and our service provider PayGate, who does, uses the strictest form of encryption, namely Secure Socket Layer 3 or SSL3.

These steps indicate compliance with condition 7, security safeguards, laid out in chapter 3 of Popi.

Now, the Information Regulator has published draft regulations in the Government Cazette which relate to Popi, and is calling for comments from the public. Submissions must be received by no later than 7 November 2017. The draft also includes various forms to be used, among others, when objecting to the processing of personal data, requesting a correction or deletion of personal data, and seeking consent from a data subject.

In terms of section 113(3) of Popi, the Information Regulator, before making any regulations referred to in section 112(2) of Popi, must publish a notice in the Gazette—

  1. setting out that draft regulations have been developed;
  2. specify where a copy of the draft regulations may be obtained; and
  3. inviting written comments to be submitted on the proposed regulations within a specified period.

The Information Regulator invites interested parties to provide comments and inputs in this regard. Anyone wishing to comment on the draft regulations is invited to submit written comments to the Information Regulator on or before 7 November 2017. Comments should be marked for the attention of Ms M Mphelo, and –

(a)       if they are sent by e-mail, please send to

(b)       if they are forwarded by post, address them to

The Information Regulator
Private Bag X81

(c)        if delivered by hand, deliver to

The Information Regulator
SALU Building
316 Thabo Sehume Street (corner of Thabo Sehume and Francis Baard Streets)

(d)       if they are faxed, send the fax to 086 500 3351

Further information may be obtained from Ms M Mphelo at 012 406 4818.

Any person or entity who wants to meet with the Information Regulator to discuss any aspect of the draft regulations must make the necessary arrangements with the Information Regulator.


The Information Regulator’s main function is to prevent data subjects – people whose data is being used or examined – from harm, and it can hold to account those responsible for non-compliance.

It comprises three full-time and two part-time employees, and is headed by former Independent Electoral Commission chairperson Advocate Pansy Tlakula. Advocates Lebogang Cordelia Stroom-Nzama and Johannes Weapond are full-time members. Prof Tana Pistorius, intellectual property law expert, and practising attorney Sizwe Snail ka Mtuze are the part-time members.

While Tlakula will oversee the functioning of the Regulator, Stroom-Nzama will focus on Paia and Weapond is responsible for Popi matters. The two part-time employees will focus on both pieces of legislation.

The five members will variously chair committees that will focus on policy and governance (Tlakula); enforcement (Snail ka Mtuze); legal and compliance matters (Stroom-Nzama); complaints and dispute resolution (Pistorius); finance risk and ITC governance (Weapond); outreach and research (Snail ka Mtuze); and human resources (Weapond).