Has POPI fatigue hit yet? Brace yourself: the protection of personal information is a moving target.
The Covid-19 4th wave is the not the only wave which we are currently having to contend with, as POPI related Policies, Privacy notices and requests for consent to process roll into our inboxes, whatsapp groups and cell phones. More like a tsunami, the POPI ride is in full swing.
It appears that both employers, vendors and the public at large, despite being given ample amount of time to prepare of the compliance deadline of 1 July, 2021, are woefully under prepared. But if that is how you are feeling, don’t feel alone because it appears that the Information regulator is in much the same space. Here’s why:
- PAIA manuals: the scope of information which the manual must cover and the scope of those who must comply with developing the manual, have both been extended and now includes almost everyone outside of a private domicile. The original deadline for development of the manual was 30 June 21, however with the widening of application and the narrowing of exceptions, the Minister of Justice and Correctional Services, Mr Ronald Lamola, has extended the current exemption by a further six months, effective from 1 July 2021 to 31 December 2021 to afford private bodies who were currently exempted, additional time to prepare and compile their PAIA Manuals. In addition to this, they have determined that 1 February 2022 as the date on which section 58(2) will be applicable.
- Ownership changes: The Information Regulator, as of 30 June 21, will be taking over the function of the Promotion of Access to Information Act (PAIA) previously owned by the South African Human Rights Commission (SAHRC). Associated changes to the PAIA scope are expected as a result of this change of this last minute ownership.
- Inability to register Information Officers: As the 30 June deadline for registration of an Information Officer (IO) and Deputy Information Officer (DIO) approached, many noted in dismay that the only manner in which to register was manually via the postal service! This antiquated communication avenue blocked the registration process as a result. Sliding in under the deadline, the Information regulator finally provided the public with an online portal for the registration of the IO and DIO, only for the portal to crash, one can assume as the result of a severe overload. Access to the portal was intermittent and fluctuated for several weeks, until the Regulator finally ditched its first attempt and announced that there will no longer be a deadline for registration of Information officers (IO) and Deputy Information Officers (DIO) – because it simply was impossible for the public to meet this deadline under the conditions provided by the Regulator. The Regulator has confirmed that this will mean that no responsible party (company or entity) will be held liable for not registering by 30 June 2021. Huzzah! One less issue to worry about… for now.
Note however enforcement powers as promulgated by the President of South Africa in June 2020 are still effective as of the 1 July 2021.