LEGISLATION PAGE 40
POPI
PROTECTION OF PERSONAL INFORMATION
&
PAIA
PROMOTION OF ACCESS TO INFORMATION
Governance matters for POPI and PAIA Act compliance
The foundation of good governance lies in assigning responsibilities for activities that will contribute to effective governance . This includes establishing governance mechanisms for laws such as the Protection of Personal Information Act ( POPI ) and the Promotion of Access to Information Act ( PAIA ).
The first step in preparing for compliance with these Acts is to identify the elements of governance that will be required to maintain an appropriate level of compliance . In principle , it is best to start a POPI compliance preparation project ( CPP ) that incorporates PAIA . The project should aim to clarify your current level of readiness for compliance with the Acts , identify the relevant stakeholders , assign responsibilities for carrying out compliance preparation tasks and ensure that these are completed within an agreed timeframe .
In homeowners ’ associations ( HOAs ), the levels of governance are typically the board of directors / trustees ( first level ), the estate manager or CEO ( second level ) and the HOA management team ( third level ). In order to initiate a CPP , approval should be obtained from the board of trustees , who should appoint the estate manager as the project sponsor to be accountable for the oversight and successful completion of the project . The estate manager should appoint a project manager who will be responsible for identifying project team members as well as allocating project tasks to them . role required by both POPI and PAIA , namely the information officer . By default , this is the designated head of an organisation , typically the CEO . In an HOA , this would be the estate manager . POPI and PAIA make provision for the appointment of deputy information officers to whom the information officer can delegate the day-to-day tasks of managing compliance activities . In an HOA one deputy information officer may be sufficient , although the information officer may wish to appoint more .
ARC business partner IACT Africa has developed a toolkit which enables HOAs to prepare for POPI and PAIA compliance . Part of this kit is a governance assessment tool which contains 30 POPI governance elements . These include commitment from the board , audit and risk , as well as the information officer . Completion of the CPP , carrying out self-assessments , the development of a policy framework and breach oversight are among the many elements of the toolkit .
These governance commitments may seem very daunting , but laying the right foundation for roles and responsibilities , and the related tasks for these , will go a long way towards establishing a compliance capability for POPI and PAIA . Don ’ t try to reach perfection in the first phase of your compliance journey ; establish reasonable organisational and technical measures in line with your risks .
IACT Africa is an ARC business partner that is working with a number of HOA POPI clients .
During the CPP , roles and responsibilities should be defined for managing the processes for maintaining compliance once the project has been completed . There is an essential
John Cato IACT – AFRICA