A call to action for the Information Regulator

Posted in Blog

 

In 2016 the Information Regulator was established in South Africa with the dual mandate of ensuring access to information and protecting personal information for all citizens.

Since it has been established it has appointed five members to the board and set up its offices. However there has been little further action in the past year.

The public must now ask what are the reasons for these continued delays and for how much longer must we continue to wait?

The PAIA Act was written in 2000 and POPI Act passed in 2013 but we are still waiting for the commencement date for these Acts to be proclaimed by the President. This year will have been waiting for PAIA for almost 18 years. And with the European Union’s GDPR regulations coming into effect on the 25 May 2018, POPI can no longer be kept on the back-burner.

Action needs to be taken. It is time for the Information Regulator to fulfil its duties to the citizens of South Africa and start holding companies and organisations accountable to the PAIA and POPI Acts.

In a fair and democratic society the PAIA Act is a vital piece of legislation to facilitate access to information in order to increase the transparency of governmental bodies and public enterprises and to hold them accountable to the people.

As we move further into the 21st Century, cyber-security and threats to personal data are going to continue to be one of the most pressing concerns of people and governments.

Improving citizens’ data security, educating the public about data security and protecting people’s personal information is of paramount importance in modern society.

It is time for the Information Regulator to start encouraging swift and sustainable action in this regard.

As this issue becomes ever more pressing here are 20 questions we as citizens of South Africa want answered by the Information Regulator:

  1. How do I find out which companies have access to my personal data?
  2. How do I find out if my personal data has been compromised?
  3. How do I report a company that I think is abusing my personal information?
  4. What rights do I have with regards to protecting my personal data?
  5. Can I ask companies to tell me how much of my personal data they have?
  6. Can I ask businesses to remove my personal data from their systems?
  7. Do I have a right to claim compensation from companies who abuse my personal data?
  8. What rights do I have with regards to getting information about the purposes for which my personal data will be processed?
  9. Do I have the right to restrict or object to the processing of my personal data?
  10. Do I have the right to object the processing of my personal data for direct marketing purposes?
  11. Will the Information Regulator set-up a complaints channel for people to report data violations?
  12. How do citizens know if organisations are PAIA and POPI compliant?
  13. How will the Information Regulator ensure that companies communicate transparently with people about the processing of their personal data?
  14. How will the POPI Act be regulated and enforced once it is signed into legislation?
  15. What authorisation process is in place to ensure responsible parties can process personal information?
  16. What is the process for gaining access to information from Public and State Owned Enterprises?
  17. What are the criteria for requesting access to information from Public and State Owned Enterprises?
  18. How do we encourage sharing of public information for greater transparency and accountability from Public and State Owned Enterprises?
  19. What is the process for registering an Information Officer with the Information Regulator?
  20. How will the Information Regulator enable compliance with other regulatory bodies, for example the GDPR?