Financial regulators propose joint standard on minimum requirements for cybersecurity and cyber resilience
POPIA Update: South African Information Regulator muscles up with Enforcement Committee
Legal Development 05 August 2022 05 August 2022
Data Protection & Privacy
South Africa’s Information Regulator has announced the establishment of its Enforcement Committee in terms of section 50 of the Protection of Personal Information Act (POPIA). This development is significant as it equips the Information Regulator to exercise its enforcement powers effectively for the first time since it was established in 2016.
The Enforcement Committee comprises 14 independent experts from an array of professional backgrounds such as law, information security, education, accounting & auditing, actuarial science, forensics and criminal investigations. The Enforcement Committee will be chaired by Helen Fourie SC, with Ms Simoné Margadie as an alternative chairperson.
Powers of the Enforcement Committee
The Committee is empowered to assist the Information Regulator with enforcement under POPIA and the Promotion of Access to Information Act (PAIA).
Under sections 76 and 92 of POPIA, the Information Regulator may refer complaints it has received to the Enforcement Committee for review. The Enforcement Committee can make findings and provide recommendations to the Information Regulator concerning enforcement action against responsible parties or information officers.
Failure to comply with an enforcement notice may result in a responsible party being guilty of an offence under section 103(1). An offending party may be liable for a fine and/or imprisonment of up to 10 years, or to an administrative fine of up to R10 million.
The Enforcement Committee will play a crucial role in providing effective remedies to complainants under POPIA and PAIA. We expect to see its powers demonstrated soon.
Clyde & Co specialises in all aspects of cyber risk, data protection, insurance and claims. Our end-to-end cyber solution is designed to boost cyber resilience and is built around pre-incident planning, effective incident response and post-incident recovery.