Information Regulator: Update on developments in its international cooperation work, innovation, and progress on POPIA matters

Information Regulator: Update on developments in its international cooperation work, innovation, and progress on POPIA matters

• 28 November 2024
• Regulatory Compliance and Legislation
• South African Accounting Academy

Summary:

The Information Regulator of South Africa (IRSA) has issued an update on developments in its international cooperation work, innovation, and progress on POPIA matters.

Article:

The Information Regulator (IR) continues to make strides at home and abroad in the fulfilment of its legislative mandate on the protection of personal information and the promotion of access to information.

The recent developments in the work of the IR attest to its efforts at being a world-class institution in the protection of personal information and the promotion of access to information.

The IRSA is proud to announce the following developments:

1. The IR has been elected to serve on the Executive Committee of the Global Privacy Assembly (GPA), a network of over 130 data protection and privacy authorities from all over the world
2. The IR has been shortlisted in the Top 3 of the Public Sector category for the BCX Digital Innovation Awards for its pilot eServices Portal project.
3. The IR has issued the Electoral Commission (IEC) and the Department of Basic Education (DBE) with an Infringement Notice and an Enforcement Notice respectively. These were issued as a result of non-compliance with the Protection of Personal Information Act 4 of 2013 (POPIA) by both institutions.
   • On 10 September 2024 the IEC was issued with an Enforcement Notice following the security compromise (data breach) it experienced, which saw the unlawful release of candidate lists for the 2024 elections. The IR found that the IEC had inadequate organisational measures to protect the integrity of personal information of data subjects. The IEC failed to show the IR how it had complied with the Enforcement Notice within the stipulated time frame (within 31 days). Therefore, the IR has issued an Infringement Notice with an administrative fine of R100 000 against the IEC.
   • The DBE was issued with an Enforcement Notice on 4 November 2024 following the IR’s own initiative assessment into the compliance with POPIA by the department. The IR found that the department was not compliant with section 11 of POPIA and was in breach of the conditions for the lawful processing of personal information by failing to obtain consent for the publication of matric results from the learners or that of parents/guardians of learners that sat for the 2023 National Senior Certificate examinations. The IR directed that the results of the 2024 matriculants should not be published in the newspapers, and must make these results available to the learners using methods that are compliant with POPIA.

Click here to download the document:

https://inforegulator.org.za/wp-content/uploads/2020/07/MEDIA-STATEMENT_INFORMATION-REGULATORS-LATEST-UPDATE-2.pdf

Relevance to Auditors, Independent Reviewers & Accountants:

• POPIA is an important piece of legislation that your clients must comply with, and which you must assess compliance with.  If they don’t comply with the relevant laws and regulations, you have certain reporting obligations in terms of NOCLAR (NOn-Compliance with Laws And Regulations) – this could include reporting to management, qualifying your audit opinion, reporting a Reportable Irregularity, etc.
• As an auditor, independent reviewer and accountant, you also need to be aware of media statements, enforcement notices, etc. that have been issued by the Information Regulator and its Enforcement Committee.

Relevance to Your Clients:

• An entity (company or close corporation) should to be aware of media statements, enforcement notices, etc. that have been issued by the Information Regulator and its Enforcement Committee.

0 COMMENTS

LEAVE A COMMENT