Deputy Minister John Jeffery: National Information Officers’ Forum

Address by the Deputy Minister of Justice and Constitutional Development, the Hon John Jeffery, MP at the National Information Officers’ Forum

Programme Director
Chairperson and Deputy Chairperson of the SAHRC
Ministers and Deputy Ministers present,
Commissioners of the SAHRC
Representatives of Chapter 9 bodies,
Directors-General,
Colleagues from various government departments
Ladies and gentlemen, friends
                                    

Today the world celebrates International Right to Information Day. It is a day to reflect on what we can do to ensure that people have better access to information, so as to enable them to better exercise their rights.

Since PAIA became operational, our courts have emphasised that the right of access to information can only be limited when there is justification for such a limitation vis-à-vis other fundamental rights considerations.

A recent report by the Open Democracy Advice Centre – or ODAC, as we all know it – reveal some interesting results: 

  • Firstly, people may know about PAIA, but they don't use it.  Some 81% of those questioned in the research knew about the Promotion of Access to Information Act, but only 24% have made requests. Among respondents who have not used PAIA, the most common reason (62,5%) for not making a PAIA request was a belief that they would not get a response.
  • Secondly, people’s perceptions of accessing information aren't positive. Negative perceptions about trying to get information included a belief they would not get a response, and potential delays.
  • Thirdly, those who do eventually use PAIA to access information use it frequently, in that 39% of users have made three or more requests.

With regards to the success of PAIA requests, the report found that 21% of requests were granted, 29% of requests were ignored, 29% were refused and 21% were granted, but no information was received.

Public bodies have a mandatory duty in terms of PAIA to provide the Commission with information about the requests for information they have received and processed each year.

In terms of section 32 of PAIA this is a mandatory obligation applicable to all public bodies including municipalities and parastatals.
We all know that since the passage of the PAIA, compliance by public bodies with regard to the submission of section 32 reports has been low.
In cases where the reports are submitted, many of the reports received do not accurately capture the requirements of section 32.
In the reports however received by the SAHRC, there is an increasing trend by public bodies not to comply with the provisions of the PAIA in dealing with information requests.

We believe that the newly established institution of an Information Regulator, with the enforcement powers assigned to it, will be able to improve compliance with PAIA and address the challenges facing PAIA implementation.

There really are, in essence, two types of information that the law must provide for.

On the one hand, we have information which is held by the state and which people need to access their rights.

On the other hand we have personal information – personal information and data must be protected.

It is in dealing with the different processes pertaining to the different types of information that the Information Regulator has a crucial role to play.

The Protection of Personal Information Act establishes a set of conditions for the processing of personal information.

These include both general conditions and more detailed conditions for the processing of special personal information such as religious or philosophical beliefs, race and ethnic origins, political persuasion, to name of few. It establishes an independent Information Regulator as an independent juristic person to regulate the implementation of the law. The Regulator is subject only to the Constitution and the law and is accountable to the National Assembly.

The Regulator will have many functions to perform. It will be there to, not only, enforce compliance. It will also have a supervisory function.

It must provide education by promoting an understanding and acceptance of the conditions for the lawful processing of personal information and must monitor and enforce compliance by public and private bodies with the provisions of the PPI Act.   It must consult with interested parties by acting as mediator between opposing parties and handle complaints by investigating alleged violations. Importantly, it must exercise the powers conferred upon the Regulator relating to the access of information as provided for by the Promotion of Access to Information Act.

There will also be reliance on codes of conduct, approved by the Regulator for the various sectors, which would be legally enforceable. The development of codes of conduct will contribute to the proper implementation of the conditions for the lawful processing of personal information, as reflected in Chapter 3 of the Act, in each sector. A code must prescribe how the conditions are to be complied with within specific sectors as far as the processing of personal information is concerned.  The Regulator may, in terms of section 61, issue codes on its own initiative or on application by persons who process personal information.

Sectors are encouraged to regulate themselves by drawing up codes of conduct for the processing of personal information that must be approved by the Regulator. For example, an exemption has been made for journalists, subject to a code that sufficiently covers the relevant issues and the media is then, subject to that code, left to regulate itself.

With a few exceptions, crimes are only committed when a party does not abide by an enforcement notice issued by the Regulator. An aggrieved party has the right to take the enforcement notice on appeal to the High Court.

Privacy is a valuable aspect of a person’s personality, for that reason the definition of personal information is as wide as possible, including amongst others, everything from race, gender, marital status, sexual orientation, religion, language, employment history, email and telephone number, location and biometric information. 

It can also include personal opinions, views and preferences of a person.

In protecting a person’s personal information consideration should, therefore, also be given to competing interests such as the administering of national social programmes, maintaining law and order, and protecting the rights, freedoms and interests of others, including the commercial interests of industry sectors such as banking, insurance, direct marketing, health care, pharmaceuticals and travel services.

The task of balancing these opposing interests is a delicate one.

As mentioned, the Act makes changes to the Promotion of Access to Information Act, as the responsibilities for the implementation of the Act are being transferred from the SA Human Rights Commission to the Information Regulator. The Regulator as the sole functionary, apart from the courts, will consider complaints against decisions that have been taken by public or private bodies in respect of requests for access to records of the bodies concerned.

Insofar as certain public bodies are concerned, the compulsory internal appeal procedure will be retained.  A party who is aggrieved by a decision of the relevant authority will have an option to either submit a complaint to the Regulator or to approach the court for appropriate relief; and a party who is aggrieved with a decision by the head of a private body will be able to either submit a complaint to the Information Regulator in respect of the decision concerned, or to approach the court for appropriate relief.

Section 114(4) of the PPI Act provides that the SAHRC must, in consultation with the Regulator, finalise or conclude its functions referred to in sections 83 and 84 of the Promotion of Access to Information Act, as soon as reasonably possible after the amendment of those sections in terms of the PPI Act.
The appointment of the Regulator is currently underway.

The Portfolio Committee on Justice and Correctional Services has called for nominations from individuals, organisations, institutions and civil society for 5 suitable persons to be appointed as members of the Information Regulator for a period of five years. The closing date for nominations was 14 August.

In terms of the PPI Act members of the Regulator must be South African citizens who are appropriately qualified, fit and proper persons.

At least one person must be appointed on account of their experience as a practicing advocate or attorney or a professor of law at a university and the remainder of persons must be appointed on account of any other qualifications, expertise and experience relating to the objects of the Regulator.

The appointment of the members of the Regulator will then facilitate the commencement of the remainder of the Act.

Privacy and data protection legislation for South Africa is in line with international trends and the implementation will bring South Africa in line with international best practice.

By the same token, compliance with PAIA is vital for persons to be able to exercise their rights. The Information Regulator will be able ensure that our country meets both these aims.

Thank you.

More on

Share this page

Similar categories to explore