The foundation of good governance lies in assigning responsibilities for activities that will contribute to effective governance. It is no different for establishing governance mechanisms for laws such as the Protection of Personal Information (POPI) and the Promotion of Access to Information (PAIA) Acts.
The first step in preparing for compliance with these Acts is to identify the elements of governance that will be required to prepare for and maintain an appropriate level of compliance with the Acts. In principle, it is best to start a POPI Compliance Preparation Project (CPP) which incorporates PAIA. The project should aim to understand your current level of readiness for compliance with the Acts, identify the relevant stakeholders, assign responsibilities for carrying out compliance preparation tasks and ensure that these are completed within an agreed timeframe.
In Home Owners’ Associations, the levels of governance are typically the Board of Trustees (1st level), Estate Manager or CEO (2nd level) and the HOA management team (3rd level). In order to initiate a CPP, approval should be obtained from the Board of Trustees who should appoint the Estate Manager as the Project Sponsor as being accountable for the oversight and successful completion of the project. The Estate Manager should appoint a Project Manager who will be responsible for identifying project team members as well as to allocate project tasks to them.
During the CPP, roles and responsibilities for managing the processes for maintaining compliance once the project has been completed, should be defined. There is an essential role required by both the POPI and PAIA Acts, namely the Information Officer. By default, this is the designated head of an organisation, typically the CEO of an organisation. In an HOA, this is the Estate Manager. The POPI and PAIA Acts make provision for the appointment of Deputy Information Officers to whom the Information Officer can delegate the day to day tasks of managing compliance activities. In an HOA one Deputy Information Officer may be sufficient although the Information Officer may wish to appoint more than one deputy.
ARC Business Partner, IACT-Africa, has developed a toolkit which enables HOAs to prepare for POPI and PAIA compliance. One of the tools is a Governance Assessment tool which contains 30 POPI Governance elements. These include commitment from the board, audit and risk as well as the Information Officer. Completion of the CPP, carrying out self assessments, the development of a policy framework and breach oversight to name a few, are included.
These governance commitments may seem very daunting but laying the right foundation for roles and responsibilities, and the related tasks for these will go a long way towards establishing a compliance capability for the POPI and PAIA Acts. Don’t try to reach for perfection in the first phase of your compliance journey, establish reasonable organisational and technical measures in line with your risks, this is all the POPI Act asks for. For more information, visit www.iact-africa.com/popi.html or call 010 500 1038.
This article was submitted by Dr Peter Tobin.