As we previously reported, the Protection of Personal Information Act 4 of 2013 (“POPI”) was signed into law in November 2013. Those provisions which deal with the establishment of the Information Regulator came into effect on 11 April 2014.
Expectations are that the President will proclaim the rest of the provisions of POPI into effect once the Information Regulator has been established.
The ball got rolling on the appointment of the Information Regulator in April 2015, when Parliament requested that the nomination of five candidates for this position be submitted to the Portfolio Committee on Justice and Correctional Services (by 14 August 2015). On 11 November 2015, the Portfolio Committee met to discuss the appointment of the Information Regulator. They then called for a workshop with the relevant stakeholders to discuss the importance of POPI, its relationship with legislation such as the Promotion of Access to Information Act and the Protection of State Information Act, and whether the Act provides sufficient protection to those in rural areas.
It is unclear why Parliament decided on a workshop and if the resultant delay in the commencement of the balance of the Act is truly warranted. Many organisations are not yet compliant with POPI, and such a workshop would arguably afford them more time and could also abate some of the challenges faced by them in becoming compliant. Small to medium enterprises, particularly those that rely on the processing of personal information to generate business, have been identified as a category that will be hard hit by the costs of complying with POPI. However, most of the issues earmarked for discussion at the workshop were already discussed in the legislative process leading up to the promulgation of POPI in 2013.
Any issues that such a workshop may seek to address or clarify prior to the commencement of the balance of the Act, could arguably be addressed in the 12 month grace period the Act affords to organisations to become compliant with the Act (once enacted in its entirety). Rather than delaying the commencement of the core of this much-needed piece of legislation, the grace period could be extended to assist organisations that are not yet compliant, or foresee difficulties with implementation.
2015, therefore, saw very little development in relation to the announcement of a commencement date for the balance of the Act, and there is currently no indication when this will be.