The Information Regulator established under the Protection of Personal Information Act, 2013 (“POPIA”) published a Guidance Note for the registration of Information Officers (“IOs”) and Deputy Information Officers (“DIOs”) urging companies to use its online portal for registration of IOs and DIOs. This portal will be available from 1 May 2021,

Once registered, the contact details of all IOs and DIOs will be available on the Information Regulator’s website.

If your organisation has previously appointed an IO in terms of the Promotion of Access to Information Act, 2002 (“PAIA”), then the IO must also be registered with the Information Regulator.

The particulars provided to the Information Regulator must be the same as those contained in your PAIA Manual.

Who is the IO?

For private bodies, by default, the “head” of your organisation will be your IO.  The CEO or managing director of a juristic person may authorise any natural person within the body(and not outsourced)to act as the IO. Even though another person may serve, the CEO or managing director retains the accountability and responsibility for any power or functions authorised to that person. The person assigned as the IO should be at an executive level or equivalent position. The authorisation must be in writing, may be withdrawn or amended and must not prevent the CEO or MD to act in his place from performing the duty themselves.