Funds Approved for Establishment of Privacy Regulator

Posted June 1, 2015
Written by Mark Heyink
The Deputy Minister of Justice, the Honourable John Jeffery, in addressing the House of Assembly during the Department of Justice Budget vote on the 19th May 2015, confirmed that appropriate funding to allow for the establishment of the office of the Regulator, required in terms of the Protection of Personal Information Act, had been agreed by Treasury.

The Deputy Minister said:
 
“I am pleased to announce that with regards to the appointment of an Information Regulator in terms of the Protection of Personal Information Act, that agreement has been reached with Treasury on the grading of the Regulator and a letter will soon be sent to the Speaker, requesting her to initiate the nomination process envisaged in section 41 of the Act.  This section requires a multi-party committee of the National Assembly to assist with the nomination of persons who are eligible for appointment as members of the Regulator. The appointment of the members of the Regulator will, in turn, facilitate the commencement of the remainder of the Act.”

In a conversation with the writer prior to the announcement, the Deputy Minister advised that advertising for the appointment of senior posts will be placed in the near future and office is likely to be established before the end of this year. The Deputy Minister must be commended for personally intervening to facilitate the agreement with Treasury in this regard.

This will pave the way for the State President to proclaim the commencement of the operative provisions of the Protection of Personal Information Act as soon as the Regulator is operationally able to fulfil its functions.

This development must be welcomed as, despite the constitutional imperative of protecting the privacy of citizens, South Africa has fallen some 30 years behind many democratic countries in controlling persons who have taken advantage of the lack of regulation in an unbridled abuse of personal information. The failure to require statutory protection of personal information has also led to South Africa being a vulnerable and easy target for organised crime.

A factor which until recently seems to have escaped, or been rather foolishly ignored, by government is that every credible Cybersecurity Framework globally recognises the absolute necessity for the establishment of the checks and balances provided by good privacy legislation and regulation, to the powers that need to be granted to law enforcement agencies. This has been emphasised by the Snowden revelations and the political and commercial fallout that these have caused, resulting in renewed emphasis being given to Privacy globally as the most important area of emerging jurisprudence in defining the parameters of our information society and economy.

Against this background the appointments to the Regulator will be followed with interest. Independence is an absolute pre-requisite and the Regulator must be allowed to as quickly as possible commence performing the duties required in the Act, without “fear or favour.”

The Minister of State Security, the Honourable David Mahlobo, indicated recently in his budget speech that cybersecurity is a priority and the necessary legislative and regulatory frameworks are to be established in the course of this year to facilitate initiatives to establish and promote cybersecurity in South Africa. It is to be hoped that government begin to realise, there being little evidence of this to date save for political rhetoric, that the success of any cybersecurity program is dependent on establishing and maintaining appropriate public/private sector partnerships.  The aim should be to equip every citizen with the tools and training to be a “cyber-warrior”. As Professor Basie von Solms has stressed repeatedly, neither the public nor private sector will succeed in combatting cyber-security without appropriate partnership and co-operation.

Whenever the proclamation of commencement is signed by the State President, for most processors of personal information much still has to be done to ensure that they will be able to comply with the Act. Even among our “blue chip” corporates my observation is that far too little has been done to date. Of course government, as the largest repository of personal information in our country, is also ill-prepared to comply with the Act. If the relevant leaders and Ministers are as serious about cybersecurity, and therefore privacy, as they have claimed, they will need to evidence this in purposeful leadership and action. If their claims are made for no other reason than political expedience, the job of the Regulator will be rendered infinitely more difficult and the rapid erosion of this constitutional right of privacy, so critical to our open democracy, will be accelerated.

We live in hope that the Regulator will be a resounding success. In light of the failures of so many of our institutions this will be wonderfully refreshing.

©Mark Heyink 2015 www.privacyonline.co.za

Subscribe
Unsubscribe
news
  • 13 September 2017 - 12:37:00
    In Government Gazette No. 41105 published on the 8th September 2017, the Information Regulator invited comment on the draft Regulations ...

  • 11 April 2017 - 10:02:00
    I was recently referred to an article entitled "Responding to Cybercrime at Scale: Operation Avalanche - A Case Study". The article is published by the Centre for Cyber and Homeland Security at the George Washington University and is authored by Robert Wainwright, a director of Europol and Frank J. Cilluffo, director of the Centre for Cyber and Homeland Security.

    For anyone dealing with the Cybercrimes and Cybersecurity Bill, this article provides some insight into the complexity of cybercrime and the profoundly different way in which the combatting of cybercrime needs to be addressed.