Information Officer Roles & Responsibilities
The content has been based on the requirements of the Information Officer as stipulated in the Protection of Personal Information Act (Act No. 4 of 2013) and its Regulations (as at December 2018), as well as the Promotion of Access to Information Act, 2000, augmented by our practical experience with other clients. Depending on your organisation, you may need to formalise or loosen some of the language and KPIs.
The Information Officer is often the CEO/MD (or equivalent) or a similar senior position in the company.
As it is not always feasible for the head of the business to carry out the practical daily responsibilities required in terms of POPI, the head of business can delegate his/her responsibilities as Information Officer to any other duly authorised person/s. However, it is important to note that whoever “determines the purpose of and means for processing personal information” remains ultimately responsible for ensuring that the processing of personal information is done in a lawful manner.
The Information Officer must, in writing, appoint as many Deputy Information Officers as necessary. By way of example, the appointment of Deputy Information Officers may become necessary to make the organisation’s records as accessible as reasonably possible for requesters.
Information Officers will need to be registered with the Regulator, and Deputies align their efforts 100% to the Information Officer, who remains the conduit to the Regulator and the outside world (in terms of Personal Information Protection).
While POPI does not set out specific skills and qualifications for an Information Officer/Deputy Information Officer, realistically the role (in particular Deputy Information Officer) may require the following:
While POPI does not set out specific skills and qualifications for an Information Officer/ Deputy Information Officer, realistically the role (in particular Deputy Information Officer) may require the following:
- A detailed understanding of POPIA and Privacy regulations (Deputy)
- A broad understanding of POPIA and Privacy regulations (IO)
- A good understanding of risk and compliance to act as the designated Information Officer/Deputy Information Officer of the business (IO & Deputy)
- A broad understanding of the company operations (IO)
- A detailed understanding of company operations (Deputy)
- No conflicts of interest (IO & Deputy)
- Good coordinator (IO)
- Good problem-solving skills (IO)
In addition to the above, the Information Officer should either have positional power within the organisation, or a strong mandate, and should have a charismatic and energetic disposition to ensure success.
Appointing an Information Officer is a legal requirement, and needs to be done to ensure accountability is taken in your organisation. Although the Information Officer is the legally responsible person in the organisation, no guilty individual or team will be untouchable in the event of a breach within an organisation.