In November last year we reported on the establishment of the Office of the Information Regulator. This body falls under the Protection of Personal Information (Popi) Act, which serves as South Africa’s data protection act. Popi itself is not yet in force, but sections pertaining to the Regulator were put into effect through a presidential proclamation in April 2014.

The Information Regulator is subject only to the law and the Constitution, and accounts to the National Assembly. It comprises three full-time and two part-time employees, and is headed by former Independent Electoral Commission chairperson Advocate Pansy Tlakula. Advocates Lebogang Cordelia Stroom-Nzama and Johannes Weapond are full-time members. Prof Tana Pistorius, intellectual property law expert, and practising attorney Sizwe Snail ka Mtuze are the part-time members.

Information Regulator logoTheir five-year appointment, which was approved by President Jacob Zuma, took effect on 1 December 2016.

In February the Regulator held its first press briefing, where the names of the full- and part-time members were announced, and some details were provided on why only this section of Popi has been enacted. “As you are aware, only sections 39-54, 112 and 113 of Popi have come into operation,” said Tlakula. “The rest of the sections will only come into operation once the Regulator is fully operational.”

The Regulator will play a crucial role in monitoring compliance by responsible parties with the provisions of Popi, as well as the Promotion of Access to Information Act (Paia).

“Section 114 (4) of Popi requires us to take over the function of enforcing Paia from the South African Human Rights Commission,” Tlakula said. “We have already held the first meeting with the SAHRC on the interpretation of the relevant provisions of [the two acts].” A follow-up meeting will take place in March 2017.

“Our mission is to ensure that both the constitutionally guaranteed right of access to information and the right to privacy are equally protected and enjoyed. Failure to do so might result in one part of our mandate being given more prominence than the other,” Tlakula said.

Ensuring protection of your personal information 

The Information Regulator’s main function is to prevent data subjects – people whose data is being used or examined – from harm, and it can hold to account those responsible for non-compliance.

While Tlakula will oversee the functioning of the Regulator, Stroom-Nzama will focus on Paia and Weapond is responsible for Popi matters. The two part-time employees will focus on both pieces of legislation.

The five members will variously chair committees that will focus on policy and governance (Tlakula); enforcement (Snail ka Mtuze); legal and compliance matters (Stroom-Nzama); complaints and dispute resolution (Pistorius); finance risk and ITC governance (Weapond); outreach and research (Snail ka Mtuze); and human resources (Weapond).