The Information Regulator (Regulator) in partnership with Media Monitoring Africa (MMA) will host the International Data Privacy Day on Friday, 27 January 2023, at the McAuley House School in Parktown.
The Information Regulator (welcomes the action that has been taken by the Department of Education (to align its processes on the publication of matric results with the requirements of the Protection of Personal Information Act 4 of 2013 (PO PIA). The re issuing of a POPIA compliant consent form for the publication of matric results is a commendable action by the DBE. Following last year’s uncertainty, confusion, and conflicting sentiments on the implications of POPIA on publishing Matric
2021 results on various mediums, the Regulator and the DBE have met to resolve the matter. The matter was on the right to privacy as it relates to the protection of personal information of the data subjects (the matriculants) and the social need or public interest for the results to be published.
Media Statement: THE 2022 DATA PROTECTION AFRICA SUMMIT
16 NOVEMBER 2022
The Africa Digital Rights Hub in collaboration with the Information Regulator, will be hosting the 2022 Edition of the Data Protection Africa Summit under the theme ‘Developing Data Protection for Africa’s Digital Economy’, from 21 to 22 November 2022 at the Protea by Marriott Hotel Johannesburg Wanderers.
The Information Regulator (Regulator) on 7 October had issued codes of conduct for the banking and credit reporting sectors. The codes of conduct are available on the Regulator’s website www.inforegulator.org.za. However, the codes will come into effect on 05 November 2022.
Media Invite: KZN Roadshow 20th October 2022
The Information Regulator (Regulator) in partnership with the uMshwathi Local Municipality will host a Community Engagement in Ozwathini on the 20th of October 2022, this will be followed by a Stakeholder Engagement Breakfast and Public Activations on the 21st of October 2022 to be held in Durban eThekwini Metro Municipality, KwaZulu Natal. Both the events are part of the Information Regulator’s KwaZulu Natal Roadshow aimed at promoting nad raising awareness around the Protection of Personal Information Act (POPIA) and the Promotion of Access to Information Act (PAIA)
Media Invite: IDUAI 28 September 2022
The Information Regulator in partnership with the City of Johannesburg will host the International Day for Universal Access to Information (IDUAI) community engagement session, on 28 September 2022 at the Orlando East Communal Hall, Soweto. In line with the international theme, the Regulator will host the engagement under the theme, “PAIA as an instrumental tool to promote good governance and a catalyst to respond to public protests”. The engagement is in response to the prescripts of the Promotion of Access to Information Act (PAIA) and the human right entrenched in section 32 of the Constitution.
Media Alert: Extention notice for submission of annual reports in terms of Section 32 of PAIA for public bodies
The Information Regulator (Regulator) has received multiple requests from Information Officers (IOs) and delegated Deputy Information Officers (DIOs) for an extension of the deadline for submissions in line with section 32 of the Promotion of Access to Information Act of 2000 (PAIA). In light of this, the Regulator has decided to extend the deadline for submissions of Section 32 Annual Reports for the 2021/2022 Financial Year to 16 September 2022.
Media Statement: A reminder for public bodies to submit their annual report in terms of section 32 of promotion of access to information ACT 2 od 2000 (PAIA)
The Information Officers (IO’s) of public bodies are reminded to urgently submit their annual reports in terms of section 32 of PAIA to the Information Regulator (Regulator) by 9 September 2022. The Regulator is concerned with the low number of compliances with the statutory obligations for the submission of the annual report to the Regulator. The annual reports currently due for submission are for the financial period 2021/2022.
Media Statement: Information Regulator monitors the Department of Health on POPIA compliance
The Information Regulator (Regulator) welcomes the lifting of the National State of Disaster that was recently announced by President Cyril Ramaphosa.
Media Statement: Information Regulator hosts African Network of information commissions conference
Last week, 7-8 April 2022, the Information Regulator (Regulator), hosted a two-day African Network of Information Commissions (ANIC) online conference aimed at creating a platform for peer learning and support among oversight bodies on access to information on the African continent.
Media Statement: The Regulator is dissatisfied with transunion’s response, and it initiates an assessment on the security compromise.
The Information Regulator has expressed continued dissatisfaction with the security compromise notification submitted by TransUnion, following the instructions given to the credit bureau on 19 March 2022 when the Regulator called on TransUnion to explain the circumstances of the security compromise that it experienced.
Media Statement: Information Regulator hosts human rights month webinar focusing on LGBTQIA+ Community
Earlier today, 23 March 2022, the Information Regulator (Regulator) hosted its Human Rights Month webinar focusing on access to information as a human right and the challenges often faced by the LGBTQIA + community. Globally the South African Constitution is one of the few to prohibit unfair discrimination against the LGBTQIA community. Historically the community was marginalised and discriminated which saw them being denied employment opportunities and access to some basic human rights and freedom of expression.
Media Statement: The Regulator instructs TransUnion to report in greater detail regarding their security compromise.
The Information Regulator (Regulator) met with representatives from the TransUnion credit bureau on Saturday, 19 March 2022, to discuss recent reports of hacking of TransUnion’s IT systems. The Regulator called for a meeting with TransUnion following their correspondence to the Regulator on the incident that may have compromised the security of personal information of an undisclosed number of data subjects (the people about whom the information relates).
Media Statement: Information Regulator shocked at the continued compromise of Experian Data, 27 October 2021
In what appears to be a continuation of the data breach that Experian experienced on 19 August 2020, the Information Regulator was shocked to learn, on 24 October 2021, that the personal information of people whose data had been part of the Experian data breach had been placed on a public domain using a messaging application
Media Invite: Information Regulator to host International Day for universal access to Information Day Webinar, 23 September 2021
The Information Regulator will host the International Day for Universal Access to Information (IDUAI) Webinar, on the 28th of September 2021. The theme for this year is, Effective access to information as a human right for vulnerable groups.
The Information Regulator ’s (Regulator E nforcement C ommittee, which was launched in July 2022, has started acting against transgressors with a particular focus on municipalities.
The Regulator’s investigations ha ve found that all 15 Municipalities which it assessed based on the Promotion of Access to Information Act No 2 of 2000 ( were non compliant with the law. The 15 Municipalities are, City of Johannesburg Metropolitan, City of Tshwane Metropolitan, City o f Ek urhuleni Metropolitan, West Rand District, City of Cape Town Metropolitan, Cape Winelands District, eT hekwini Metropolitan, Umgungundlovu District, Gert Sibande District, Capricon District, Thabo Mofutsanyana District, Mangaung Metropolitan Bojanala Platinum District, Buffalo City Metropolitan and Nelson Mandela
Media Statement: Information Regulator to take over PAIA functions from the South African Human Rights Commission, 29 June 2021
As of 30 June 2021 the Information Regulator will be taking over the regulatory mandate functions relating to the Promotion of Access to Information Act (PAIA) 2000.
Media Statement: Invitation for applications for exemptions from a condition for lawful processing of personal information, 22 Jun 2021
Responsible parties may submit their applications for exemption from a condition for lawful processing of personal information, in terms of section 37 of POPIA.
Media Statement: Developments ahead of enforcement powers coming into effect, 22 Jun 2021
The Information Regulator has confirmed that there will be no deadline for registration of Information officers (IO) and Deputy Information Officers (DIO); this means that no responsible party will be held liable for not registering by 30 June 2021. This decision follows technical glitches with the registration portal and numerous concerns raised by responsible parties regarding the registration process.
Media Statement: Information Regulator publishes the Guidance Note for Registration of Information Officers, 01 Apr 2021
The Information Regulator (IR) of South Africa has published the Guidance Note for the registration of Information Officers (IOs) and Deputy Information Officers (DIOs), in order to ensure proper understanding of the legislative requirements.
Media Statement: 100 day countdown to be POPIA compliant, 24 March 2021
Today marks 100 days to the deadline for public and private bodies to ensure that their processing of personal information conforms to the Protection of Personal Information Act (POPIA). In preparation for the full implementation and enforcement of POPIA on 1 July 2021, the Information Regulator (IR) has prioritised the following processes .
The Information Regulator (IR) South Africa has noted with concern the statement released by WhatsApp, detailing changes that a user will face if they ignore Facebook’s terms by the May 15 deadline. If users will not accept the terms, for a short time these users will be able to receive calls and notifications, but will not be able to read or send messages from the app.
Media Statement: President appoints members of the regulator for a new term, 02 December 2021
President of South Africa HE. Cyril Ramaphosa has appointed four Members of the Information Regulator (Regulator) to begin a new term with effect from 1 December 2021.
Media Invite: Information Regulator hosts international data privacy day webinar
The Information Regulator (Regulator) will host the International Data Privacy Day Webinar on Friday 28 January 2022 under the theme, Data privacy and POPIA: a joint responsibility in the protection of personal information is essential to curb cybercrime. Topics to be covered include Information Officers and their responsibility towards putting security safeguards in place and complying with the condition for lawful processing. Cyber security laws in South Africa & data privacy as well as practising cyber hygiene online. The Regulator’s speakers will be joined by other panel members from the Cybersecurity Response Committee at the State Security Agency, Gijima Technology and DFIRLABS.
Media Statement: Regulator clarifies on POPIA concerning publishing of Matric results, 12 January 2022
The Information Regulator (Regulator) notes the decision of the Department of Basic Education (DBE) to stop the publication of matric results on public platforms ostensibly in compliance with The Protection of Personal Information Act (POPIA).
Media Statement: Election campaigning and processing of personal information of Voters, 14 October 2021
The Information Regulator reminds all political parties that they must ensure lawful processing of personal information as prescribed in the Protection of Personal Information Act (POPIA) 4 of 2013.
Media Statement: Information Regulator’s IT systems affected by a ransomware attack on the Department of Justice & Constitutional Development, 13 September 2021
The Information Regulator notes with concern media reports and an official public statement from the Department of Justice and Constitutional Development (DOJ&CD), released on 09 September 2021, that its Information Technology (IT) systems suffered a security breach that was caused by a ransomware attack. The breach took place on the evening of 06 September 2021.
Media Statement: Information Regulator warns against the processing of Personal Information of data subjects without their consent, 13 Jul 2021
The Information Regulator notes with concern the photographs of former President Jacob Zuma distributed through social media taken at a facility of the Department of Correctional Services (DCS).