This alert focuses on the new requirements for website compliance (which was due by 26 October 2023) and the Compliance Notice issued by the Information Regulator in terms of Section 83(3)(d) of PAIA.
Private bodies are required to publish a PAIA Manual on their website and make it available at their offices. This manual should provide information on how to request access to records, the fees associated with such requests, and the dispute resolution process. In terms of a Government Gazette published on 30 June 2021, the exemption for private bodies came to an end on 31 December 2021, and as of 1 January 2022, ALL private bodies MUST have a PAIA Manual published on their website and available at their offices.
Entities must also update their websites with the new forms – Refer to SAAA’s previous Technical Alert dated 9 November 2023. This is crucial for private bodies to ensure consistency and compliance with the latest PAIA requirements. Failure to meet this deadline may result in non-compliance and potential assessments by the Information Regulator.
Steps to ensure PAIA compliance and website readiness:
Review and update your PAIA Manual
Ensure that your PAIA Manual is comprehensive, up-to-date, and includes all the necessary information required by PAIA. This includes details on how to request access to records, the fees associated with such requests, and the dispute resolution process.
Publish your PAIA Manual on your website
Make sure that your PAIA Manual is easily accessible on your website, allowing individuals to review and understand their rights and obligations under PAIA.
Make your PAIA Manual available at your offices
In addition to publishing your PAIA Manual on your website, you must also have a physical copy available at your offices for individuals who prefer to access the information in person.
Train your staff on PAIA compliance
Ensure that your staff members are aware of their responsibilities under PAIA and understand how to handle requests for access to records. This will help streamline the process and ensure that your organisation is able to respond to requests in a timely and efficient manner.
Monitor and update your PAIA compliance
PAIA is a dynamic and evolving piece of legislation, and it is important to stay up-to-date with any changes or updates that may affect your compliance obligations. Regularly review your PAIA Manual and website to ensure that they remain accurate and in line with the latest requirements.
Private bodies should ensure that they have a comprehensive understanding of their obligations under PAIA and take the necessary steps to comply with website compliance. This includes updating their websites with the new forms and publishing a PAIA Manual that provides clear and accessible information on how to request access to records, the fees associated with such requests, and the dispute resolution process. Failure to comply with these requirements may result in assessments by the Information Regulator and potential penalties for non-compliance.
The Information Regulator provided the following clarity on the PAIA compliance notice issued:
The notice applies to public and private bodies. The regulator said that Deputy Information Officers include private bodies as required in section 56 of POPIA. The inclusion of the private body requirements is premised on the requirement for private bodies to have deputy information officers.
Private bodies who received this notice must ensure that they link to Forms 02 and 03. Private bodies can ignore Form 4 because it only applies to public bodies.
Private bodies can link to the forms from their PAIA manuals. However, they must also link to the forms separately from their PAIA manual.
This means that private bodies must create links to the forms somewhere on their websites to enable a requester to access the form without having to download your PAIA manual.
The regulator clarified that bodies must link to the forms on the regulator’s website because they are editable PDFs. This requirement is in line with the objectives of PAIA.
It might be a good idea to link to the Regulator’s PAIA forms page so that you are covered if the regulator updates the forms in the future.
Click here to access the link to the Regulator’s PAIA forms page:
https://inforegulator.org.za/paia-forms/
Relevance to Auditors, Independent Reviewers & Accountants:
PAIA is another piece of legislation that your clients must comply with, and which you must assess compliance with. If they don’t comply with the relevant laws and regulations, you have certain reporting obligations in terms of NOCLAR (Non-Compliance with Laws And Regulations) – this could include reporting to management, qualifying your audit opinion, reporting a Reportable Irregularity, etc.
As an auditor, accountant and independent reviewer, you need to consider updated information that is published by the Information Regulator (as they are responsible for PAIA in SA) – especially as it relates to operational functionalities, such as the latest forms to use to request access to information.
As an employer, you also need to comply with PAIA in your workplace.
Relevance to Your Clients:
An entity (company or close corporation) has a duty to comply with PAIA, and directors have to fulfill their duties accordingly, otherwise, they could be held liable.
Your clients need to consider updated information that is published by the Information Regulator (as they are responsible for POPIA and PAIA in SA) – especially as it relates to operational functionalities, such as the latest forms to use to request access to information.