POPIA and information officers

The Protection of Personal Information Act (POPIA) requires, among other things, the appointment of an information officer. This requirement is universally applicable to all types of organisations and has a far-reaching effect from a practical and compliance perspective.

This eight-hour course is designed to serve as a guide on the essential requirements and duties under POPIA with regards to appointing an information ofﬁcer, as well as the practical implications of being appointed as such. This course ultimately aims to provide clarity on the role of an information ofﬁcer in a public and private body.

When and where?

This course is not currently scheduled.

Check out our Course Overview page to see all our current courses. Or join our mailing list to stay up to date with newly-scheduled courses.

Course outline

The topics to be covered will include:

A brief introduction to the Protection of Personal Information Act (POPIA), the information regulator and its guidance note on information ofﬁcers
The topics that this section will cover include:What is POPIA?
- What is personal information and why should it be protected?
- Other relevant deﬁnitions.
- What are the penalties for non-compliance with POPIA?
- What does the information regulator do and what does it not do (e.g. provision of training)?
- The nature of the information regulator’s Guidance Note on Information Ofﬁcers.
A general overview of information ofﬁcers
The topics that this section will cover include:
- What is an information ofﬁcer? - exploring the history of information ofﬁcers in South Africa.
- How are information ofﬁcers under POPIA different to those under PAIA? What has changed since the passing of POPIA?
- Automatic designations of information ofﬁcers in private and public bodies.
- Who may be appointed as the information ofﬁcer in a private body?
- Who may be appointed as the information ofﬁcer in a public body?
Appointing information ofﬁcers and deputy information ofﬁcers
The topics that this section will cover include:
- How are information ofﬁcers appointed internally within an organisation?
- An overview of the standard job-speciﬁcation for an information ofﬁcer and the key qualiﬁcations and skills required.
- How are information ofﬁcers appointed externally with the information regulator?
- What formalities, procedures and requirements are there for the appointment of deputy information ofﬁcers?
- Do deputy information ofﬁcers need to be registered with the information regulator?
- How often do you need to update your information ofﬁcer’s records with the information regulator?
- What complexities may arise when disciplining an information ofﬁcer?
The essential roles and duties of information ofﬁcers and deputy information ofﬁcers
The topics that this section will cover include:
- Understanding the role of an Information ofﬁcer in an organisation:
- Understanding the duties of an Information ofﬁcer
- Day to day duties within an organisation: - Risk assessment and policies - Staff training - Compliance Framework (Regulation 4(a)) - Coordination within multinational groups to ensure compliance and mitigation of risk across different jurisdictions.
- Information Ofﬁcers Association and other training/exams for information ofﬁcers
- Duties under Promotion of Access to Information Act (PAIA)
- How do duties of an information ofﬁcer differ between those of SMME’s and those of larger corporations?
- Understanding the duties of a deputy information ofﬁcer .
- Delegation of duties and deputy information ofﬁcers (PAIA Section 17 and POPIA Section 56);
- Deputy information ofﬁcers : knowledge on business operations and training on POPIA and PAIA.
Liability and information ofﬁcers
The topics that this section will cover include:
- Liabilities of information ofﬁcers under POPIA.
- Liability for conduct of a deputy information ofﬁcer.
- Liabilities of executives for the conduct of an information ofﬁcer under POPIA.
- Liabilities of information ofﬁcers under PAIA.
Miscellaneous aspects of information ofﬁcers
The topics that this section will cover include:
- How must multinational companies appoint information ofﬁcers and who do information ofﬁcers in multinational companies report to in the event of a data breach?
- How must groups of companies appoint information ofﬁcers in their structures?
- How are information ofﬁcers different from data protection ofﬁcers under the GDPR?
- Can information ofﬁcers and data protection ofﬁcers be the same person in a multinational company?
- Information Ofﬁcers Association and other training/exams for Information ofﬁcers .
- Practical considerations for Information ofﬁcers in smaller organisations.;

Who will benefit from this course?

The following stakeholders will beneﬁt from this course: in-house legal counsel; directors/heads of corporations; management of large, medium and small corporations; legal project managers.

Presenters

This course is presented in conjunction with Endcode. EndCode is a tech law advisory that specialises in assisting startups in navigating the legal frameworks that impact their businesses. We are proud legal mentors for tech startups at the Innovation Hub in Pretoria and the pan-African Meltwater Entrepreneurial School of Technology (MEST).

How much?

R2,200 per person

Certificate

A certificate of attendance from UCT will be awarded to students who attend the full course.

How to sign up

Complete and submit the registration form. You will then be given the payment information. Please note that registrations will not be accepted until payment has been made.

One or two days before the course, we will send you the Zoom link. You will need to register and use a password to enter the virtual classroom.

Registrations close three days before the course starts.

Download the brochure.