Despite its financial constraints, the Information Regulator (InfoReg) plans to expand its staff complement, as it looks to accelerate its operations and digital initiatives in the new financial year.
This is according to InfoReg CEO Mosalanyane Mosala, speaking at the recent annual stakeholder engagement session hosted by the regulator. He discussed the InfoReg's operational functions, challenges and opportunities.
After recently concluding its planning process for the 2025/2026 financial year, the regulator briefed the media and stakeholders on its annual performance plan for the 2026/2027 year.
According to Mosala, the InfoReg faces the challenge of budget constraints – leading to the organisation not being able to efficiently carry out its mandate.
The watchdog currently has a staff complement of 92 and plans to fill six vacant positions in the new financial year.
Another 40 more hires will be made during the course of the year, to take care of the numerous programmes it has in the pipeline, including the health and wellness programme, the training of staff and introducing new IT systems.
“In the financial year that is about to end at the end of March, we were allocated R110 million. Of these funds, 70% goes towards paying staff salaries, and just over R30 million goes towards the organisation’s projects and operations.
“We are trying to build a team of men and women who must bring the very best into the organisation. We are recruiting people to come and work for the regulator, but with those meagre resources, our difficulty is that we can't keep those people because some stakeholders poach them and give them attractive salaries,” explained Mosala.
“Our ICT division is an example of an area that needs more work. We have decided that because we do not have the money to outsource, we have employed developers who will develop our programs from within the regulator.
“We have the ‘My Regulator’ portal, which is internally-focused, and is helping us with contract registers, corporate calendars, security compromises and so forth. We are also introducing the e-services portal that will serve both the public and private sectors.”
In the next financial year, which starts on 1 April, the InfoReg’s budget has been increased to R135 million, which is still insufficient, considering that 70% of it will be allocated to salaries, he added.
As an organisation that often has to contend with legal battles when fines are issued, it’s important for the regulator to have financial muscle, Mosala asserted.
Online resource drive
The InfoReg is, among other duties, empowered to monitor and enforce compliance by public and private bodies with the provisions of the Protection of Personal Information Act (POPIA) − South Africa’s data privacy law.
As of 30 June 2021, it took over the regulatory mandate functions relating to the Promotion of Access to Information Act from the South African Human Rights Commission.
The InfoReg recently rolled out the security compromise reporting online portal, where organisations are required to lodge a report in the event that a breach or data leak is suffered.
“In future, we are looking at coming up with a complaints management system and we have decided to develop it in-house, after making an attempt to develop it somewhere else. We want to improve on our ability to respond to public complaints, register them and then deal with them timelessly.
“We will also have an online system that will deal with applications for exemptions, applications for prior authorisations, etc. And we want to also have a system that will integrate with the CIPC [Companies and Intellectual Property Commission] so that we can work together and utilise what they can assist us with, in order to improve our work.”
Rogue information officers
From 1 April 2024, to date, the information watchdog has received “an alarming” 2 023 complaints from the public, specifically relating to data security compromises, it says.
Another 1 092 complaints have been lodged against direct marketing, gated complexes and local organisations that have allegedly failed to comply with the requirements of POPIA.
“Compliance with POPIA in the private sector is quite good, but in the public sector it's not that good. We have raised this with the justice minister, and we are trying to have engagements with the public institutions so that we can improve compliance. We have Promotion of Access to Information Act parliament report submissions and we are required to get those submissions from different institutions,” he added.
In 2022, the InfoReg introduced an online portal for public and private organisations to register their information officers, as required in section 55 (2) of the POPIA.
“We appreciate that we have had over 40 000 information officers that have registered on the portal, but we have discovered that this is only 1% of those who are supposed to be registered nationwide.
“We still have about three million information officers who are not registered and who are processing personal information and dealing with access to information requests unlawfully, because they are not registered. This is a big concern and we are trying to find a way to resolve it,” he concluded.
Share