Certain provisions of the Protection of Personal Information Act, No 4 of 2013 (Act) dealing with the establishment of the office of the Information Regulator (as well as its powers, duties and functions) have, on proclamation by the President of the Republic of South Africa, come into effect as of 11 April 2014.
The Information Regulator is a body which is responsible for, inter alia, monitoring and enforcing compliance with the Act, handling data subjects’ complaints regarding alleged violations to their personal information and facilitating cross border co-operation in the enforcement of privacy laws. This move by government will hopefully serve to ensure that the office of the Information Regulator is operational and ready to govern, manage and ultimately ensure compliance with the provisions of the Act once the balance of the Act comes into effect and is also indicative of progress in this regard.
Private and public organisations are strongly encouraged to assess their level of compliance with the provisions of the Act so as to consider and implement any compliance processes, procedures and policies which may need to be established and implemented. Although the Act provides for a one year compliance transition period (with a possibility of that being extended for up to three years) the obligations imposed by the Act are extensive and far reaching and persons (both natural and juristic) processing personal information should be focussing on becoming acquainted with the provisions of and their obligations under the Act, creating awareness of the implications of the Act within their organisations and taking all appropriate steps towards compliance
Simone Gill, Director, Mukelo Ngobese, Associate, and Nabeela Latib, Candidate Attorney, Technology, Media and Telecommunications Practice, Cliffe Dekker Hofmeyr