Contact

Contact Us

Gateway

Employee Gateway

Training

Book Training

Menu

Search

Promotion of Access to Information Act - handling requests and reporting for public and private bodies

June 11, 2024

Promotion of Access to Information Act - handling requests and reporting for public and private bodies

PAIA request

The Information Regulator recently issued a notice which requires all public and private bodies to report on requests for access to information that they received and processed in the 2023/2024 financial year.

This is to comply with section 32 and section 83(4) of the Promotion of Access to Information Act 2 of 2000 (PAIA) which require Information Officers of public and private bodies, respectively, to submit such reports to the Information Regulator.

The purpose of this article is to provide clarity on PAIA requests and reporting, as well as what is expected of private bodies.

A PDF copy can be easily downloaded here of the Notice to Information Officers and Head of Private_240604_130307_0.pdf

What is the Promotion Of Access to Information Act (PAIA) all about?

The purpose of PAIA is to promote access to information by both natural and juristic persons.

The Act allows for access to information held by public bodies as a general rule, and information held by private bodies when persons (both natural and juristic) need to exercise their rights and the information that is in the custody of the private body is required to exercise such rights. Access to information is a right guaranteed in terms of section 32 of the Constitution. One of the responsibilities of the Information Regulator is to monitor and report to Parliament on the progress made by the public and private sector in facilitating and fulfilling the requirements of PAIA every year.

What is a PAIA request?

PAIA defines a request for access to information made either to a public body according to section 11, or to a private body according to section 50. In terms of section 11 of PAIA, anyone who requests access to information held by a public body must be given such access if they follow the correct procedure for making such a request and if the requested information does not fall within the categories of protected information as stipulated in Chapter 4 as “grounds for refusal”.  

In terms of section 50, anyone who requests access to information held by a private body must be given such access if they require the information to exercise or protect any right; if they have followed the required procedure; and if the requested information does not fall within the categories of protected information as stipulated in Chapter 4 as “grounds for refusal”. The person making such a request is known as the Requester. Examples of grounds for refusing access to the requested information relate to the body’s confidential commercial records, trade secrets or information that relates to research being done by the public or private body, either for the body as such or on behalf of a third party.

The distinction between Public and Private bodies

It is noteworthy that the right to access to information held by public bodies is an inherent right which does not require further qualification.

The PAIA guide states that “when submitting a PAIA request to a public body, one does not need to have a reason for requesting the information” (PAIA Guide – English, page 24). Of course, there are instances where a public body is allowed to deny such access when the information falls within the categories of information as stated under “grounds for refusal” or is protected on discretionary grounds as stipulated in sections 41, 42, 44 and 45 of PAIA. This inherent right to access to information held by a public body differs from a request made to a private body, in which case they have to justify the right to access by furnishing an adequate explanation of the right they wish to exercise or protect by having access to the requested information.  

Moreover, the PAIA guide explains that a Requester cannot use PAIA to request personal information about him/herself held by a public body as this right is provided for in section 23(1)(b) of POPIA which allows a data subject to be given access to their personal information held by a Responsible Party.

How to make a PAIA request

All requests made to public and private bodies must be addressed to the Information Officer by completing a PAIA form Request for Access to Record - Form 2.

It is important, however, to note that PAIA allows for requests for access to be made in terms of any other legislation in cases where it is be easier than making a PAIA request (section 6 of PAIA). The request must be attended to timeously to avoid escalation to the Information Regulator by the Requester or “deemed refusal” where the request has been ignored. Where a complaint is raised with the Information Regulator or an allegation of “deemed refusal” has been made, the Regulator will have to investigate. The body to which the request is addressed may request an extension of the period of time required to provide the relevant information (section 57).

Public and Private bodies’ response to PAIA requests

On receipt of a PAIA request, the Information Officer will make a decision whether or not to grant the request.

This decision must be communicated to the Requester on the relevant form and the fees payable for access must be communicated to the Requester (PAIA section 56). The Information Officer is also obliged to furnish the Requester with the reason for denying them access to the requested information. If the Requester is not satisfied with the decision made by the Information Officer, they can escalate the matter to the Information Regulator in the case of requests made to private bodies, or to the relevant appeal office in the case of public bodies that have an appeal process by completing an Internal Appeal Form - Form 4.

What should be reported by Private bodies to the Information Regulator?

It is important for private bodies to understand the above aspects of PAIA, as well as the processes that must be followed when they receive requests, so that they can furnish a comprehensive report to the Information Regulator.

The report must stipulate information such as the number of requests that the body received; the number of those requests that had been granted partially or in full and where access was denied; the reasons for such denial, as well as any complaints or escalations that were made by the Requesters to the Information Regulator.

Conclusion

PAIA allows for access to information by both natural and juristic persons, as guaranteed in the Constitution. The Information Regulator has a responsibility to monitor compliance with PAIA by both public and private bodies, which involves getting private and public bodies to report to the Information Regulator.

SERR Synergy gives holistic guidance on how to deal with all aspects of Information Compliance, which helps industry to focus on their core business while avoiding compliance woes. We assist clients to comply by guiding them on POPIA, PAIA and CPA compliance requirements, including the submission of PAIA request reports to the Information Regulator.

About the Author: Pedzisai Maririmba joined SERR Synergy in 2016.  She serves as an Information Compliance Advisor. She is an Admitted Attorney of the High Court of South Africa, and holds an LLM from the University of Pretoria, an LLB from UNISA, and a BSc (Hons) in Media and Society Studies from the Midlands State University. Pedzisai also holds certifications in Compliance Management and Cybersecurity from the University of Cape Town. She is passionate about Legal compliance encompassing POPIA, PAIA, Consumer Protection and Cyber Security.

Sources:

Protection of Personal Information Act 4 of 2013

Promotion of Access to Information Act 2 of 2000

PAIA Guide – English Updated 5 September 2023

Print PDF

Newsletter Inner

Get Instant Access to This Download

Enter your details below, and we'll email the pdf straight to your inbox.

Upload requirements

Latest Blogs

 
UPCOMING EMPLOYMENT EQUITY SUBMISSION DEADLINES
Reminding employers who missed the October 2025 manual submission deadline for Employment Equity Reports that they must submit online by 15 January to ensure compliance.
Read More ›
 
ALIGNING SOUTH AFRICA’S SOCIO-ECONOMIC LAWS WITH UN GLOBAL COMPACT PRINCIPLES
Globally, responsible businesses align with the UN Global Compact’s 10 Principles—principles embedded in South Africa’s laws driving socio-economic development.
Read More ›
 
FROM COMPLIANCE TO CULTURE: HOW LEADERSHIP SHAPES A SAFER WORKPLACE
Highlighting the importance of creating a safety culture that goes beyond compliance.
Read More ›

You May Also Like

 
Are electronic signatures legal?
Given the current situation faced by South Africa and the rest of the globe, a concern was raised as to whether all agreements and contracts can be signed electronically.
Read More ›
 
Direct Marketing vs the Consumer Protection Act and POPI Act (part 2)
Last week we dealt with the definition of direct marketing and whether a consumer can restrict a supplier from communicating directly with him/her. This week we wil
Read More ›
 
Beginners guide to practical Cybersecurity
Every 40 seconds, a company gets hit by ransomware, with hackers breaching up to 12 million files per minute. Unfortunately, it's far more sophisticated and disruptive to your business operations.
Read More ›