Governance matters for POPI and PAIA Act compliance
The foundation of good governance lies in assigning responsibilities for activities that will contribute to effective governance . This includes establishing governance mechanisms for laws such as the Protection of Personal Information Act ( POPI ) and the Promotion of Access to Information Act ( PAIA ).
The first step in preparing for compliance with these Acts is to identify the elements of governance that will be required to maintain an appropriate level of compliance . In principle , it is best to start a POPI compliance preparation project ( CPP ) that incorporates PAIA . The project should aim to clarify your current level of readiness for compliance with the Acts , identify the relevant stakeholders , assign responsibilities for carrying out compliance preparation tasks and ensure that these are completed within an agreed timeframe .
In homeowners ’ associations ( HOAs ), the levels of governance are typically the board of directors / trustees ( first level ), the estate manager or CEO ( second level ) and the HOA management team ( third level ). In order to initiate a CPP , approval should be obtained from the board of trustees , who should appoint the estate manager as the project sponsor to be accountable for the oversight and successful completion of the project . The estate manager should appoint a project manager who will be responsible for identifying project team members as well as allocating project tasks to them . role required by both POPI and PAIA , namely the information officer . By default , this is the designated head of an organisation , typically the CEO . In an HOA , this would be the estate manager . POPI and PAIA make provision for the appointment of deputy information officers to whom the information officer can delegate the day-to-day tasks of managing compliance activities . In an HOA one deputy information officer may be sufficient , although the information officer may wish to appoint more .
ARC business partner IACT Africa has developed a toolkit which enables HOAs to prepare for POPI and PAIA compliance . Part of this kit is a governance assessment tool which contains 30 POPI governance elements . These include commitment from the board , audit and risk , as well as the information officer . Completion of the CPP , carrying out self-assessments , the development of a policy framework and breach oversight are among the many elements of the toolkit .
These governance commitments may seem very daunting , but laying the right foundation for roles and responsibilities , and the related tasks for these , will go a long way towards establishing a compliance capability for POPI and PAIA . Don ’ t try to reach perfection in the first phase of your compliance journey ; establish reasonable organisational and technical measures in line with your risks .
IACT Africa is an ARC business partner that is working with a number of HOA POPI clients .
During the CPP , roles and responsibilities should be defined for managing the processes for maintaining compliance once the project has been completed . There is an essential