Description of the Role of Information Officers Course


The Protection of Personal Information Act requires that the heads of public bodies and CEO’s of private bodies register with the Information Regulator the details of the postal and street address, phone and fax number and, if available, electronic mail address of their Information officers and any Deputy Information Officers so that data subjects and the Information Regulator may contact these individuals regarding access to information and compliance with the conditions for lawful processing of personal information set out in the Protection of Personal Information Act.

The purpose of this seminar is to assist Information Officers and Deputy Information Officers understand their role and responsibilities in terms the Promotion of Access to Information Act (PAIA) and the Protection of Personal Information Act, including the extended duties and responsibilities contained in the Regulations issued by the Information Regulator.

It is the responsibility of the “Information Officer” to encourage the organisation’s responsible parties to process personal information lawfully and in a reasonable manner that does not infringe the constitutional rights of individuals to privacy. Processing of personal information must comply with the eight conditions imposed by the Protection of Personal Information Act. The Information Regulator has extended the responsibilities of the Information Officer to include ensuring a Compliance Framework is developed, implemented and monitored. 


Participants will receive an overview of the POPI Act and obtain a specific understanding of the role and responsibilities of the “Information Officer”.

On completion of this seminar, participants will be able to:

  • Articulate the significance of the Protection of Personal Information Act
  • Demonstrate an understanding of the duties and responsibilities of information officers
  • Describe the role, responsibilities and legal obligations of the responsible parties.
  • Describe the roles and the responsibilities of the other parties concerned about the processing of personal information
  • Develop and implement a Compliance Framework
  • Explain the conditions for the lawful processing of personal information
  • Communicate the conditions for lawful processing personal information contained therein.


Participants will learn through discussion and practical examples about the role of an Information Officer, the requirements of the Promotion of Access to Information Act and the Protection of Personal Information Act. Participants will discuss the issues that an Information Officer is expected to deal with in the course of discharging his/her responsibilities.

This seminar includes topics about:

  • Registering Information Officers with the Information Regulator
  • The duties and responsibilities of the Information Officer
  • Designation and delegation to Deputy Information Officers
  • Implications of the Companies Act 2008 for Information Officers
  • How to differentiate between personal information, special personal information and other data
  • Important content of the PAIA manual
  • The preparations required prior to updating the PAIA information manual about the processing of personal information
  • PAIA manual exemptions
  • Availability of the PAIA manual
  • Guidance available from the Information Regulator
  • Documentation to be prepared prior to the processing of personal information
  • Processing details to be maintained in the PAIA manual
  • Records available in accordance with other legislation
  • The Conditions for the lawful processing of personal information
  • Implications of the Conditions for lawful processing of personal information for business activities
  • Assistance that can be expected from the Information Regulator
  • Working with the Information Regulator to conduct investigations
  • Dealing with requests from Data Subjects
  • Ensuring compliance with the provisions of the POPI Act
  • Making use of a Compliance Framework
  • Handling requests for access to information
  • Receipt of complaints by information officers
  • Informing information officers prior to pre-investigation procedures
  • Requests to the Regulator by Information Officers to make an Assessment in the manner prescribed of whether the body complies with the provisions of the Act insofar as its policies and procedures are concerned
  • Information Notice served on an Information Officer
  • Enforcement Notice served on an Information Officer
  • Non-compliance with an Enforcement Notice by an information officer
  • Applications to Court regarding decisions of information officers
  • Examples from industry – local and international
  • An Action Plan for Information Officers
  • The job description of an information officer.