What type of information should be included in a PAIA manual?

What type of information should be included in a PAIA manual?

Promotion of Access to Information Act

The Promotion of Access to Information Act (PAIA) requires that entities declare and categorise the information available in their businesses in the form of a Manual.

This PAIA manual must be submitted to the Information Regulator, while a copy thereof must at all times be available on the business’s premises and website. 

The Act ensures that public and private entities are accountable and transparent with regard to the information they keep.

In a previous article we elaborated on the role of an Information Officer as per the POPI Act

It is important to note that the Information Officers referred to in the POPI Act are the same Information Officers as referred to in the Promotion of Access to Information Act 2 of 2000 (PAIA) and are therefore tasked with performing their duties in terms of both such sets of legislation.

In this article we aim to explain the type of information that should be included in a PAIA manual and also the benefits of PAIA compliance. 

What information should be in a PAIA Manual?

No PAIA Manual fits all. It must cover a wide spectrum of areas in terms of different legislation, corporate governance, etc. and, depending on the organisation, should include a detailed description of the following:

  • The postal and street address, phone and fax number, and, if available, e-mail address of the head of the body
  • Other prescribed officers who have access to the entity’s information
  • Full description of business activities
  • Any other group structures that might be applicable
  • Contractors/Operators
  • Grounds for refusing access to information
  • Prescribed fees
  • A description of and guide on how to use the Act to get information from other entities
  • A list of other legislation applicable to the organisation, e.g. the Employment Equity Act 55 of 1998, the Income Tax Act 58 of 1962, etc.
  • The records that are available to an interested party without having to request access in terms of the Act
  • How to request records from the body in terms of the Act
  • A description of the records that are categorised and classified, for example, records that are automatically available, personal information, special personal information and confidential information in accordance with any other legislation
  • Various information relating to the Protection of Personal Information Act (POPI).

Understanding the liabilities and benefits of PAIA compliance?

A person with the intent to deny another person the right of access to information (destroys, damages, conceals or alters a record) where such other person requires the information to exercise any right to which he/she is entitled, commits an offence.

In practice, it will be the Head of the body (business entity) who would be liable in his/her personal capacity and, on conviction, to a fine or imprisonment for a period not exceeding two years.

Apart from avoiding criminal prosecution, the PAIA Manual provides businesses with the opportunity to

  • classify their information
  • protect their own trade secrets and sensitive commercial information and records
  • prevent unwanted publication
  • protect their own information in the possession of a third party or individual on condition that the business itself complies
  • provide a procedure for requesting information within a specific or regulated environment.

In conclusion

Entities can only rely on the protection offered by the Act and enforce protection of its own information against any unwanted disclosure if they can provide evidence of their own compliance. Drafting a sub-standard Manual has often been interpreted as non-compliance. It is therefore the responsibility of the Head of the body to ensure that the Manual is drafted by a competent person with the relevant qualifications and practical experience to minimise unwanted disclosure and consequences. Non-compliance with the Act or failure to consider the risks associated with non-compliance would be a breach of a director’s fiduciary duties and such director(s) would be deemed liable in their personal capacity in terms of the Companies Act 71 of 2008.

SERR Synergy assists businesses in compiling PAIA Manuals and submitting these to the Information Regulator on an annual basis. Our professional legal team ensures that all the information of the business, including the Information Officer’s details, is provided in the Manual. The Manual also includes the different categories of information, with an indication of which information is confidential or automatically available, as required by the POPI Act. We ensure that our clients keep their PAIA Manual updated, on-site and accessible on their website.

About the Author: Retha van Zyl completed her BCom Hons (Economics and Risk Management) studies at the North West University. She joined our team in January 2016 and currently holds the title ‘Senior Information Compliance Advisor’. She specialises in POPI and PAIA compliance, which includes compiling and submitting PAIA Manuals to the Human Rights Commission. She also compiles the Data and Information Protection Report to identify risks associated with information security and drafts Information Security policies for procedural compliance in each department within an organisation.

Please note that a similar article was published by the author on the Business Essentials platform in November 2019 - Link  

You May Also Like

 
Direct Marketing vs The Consumer Protection Act and POPI Act (part 1)
June 07, 2018
What is allowed when approaching consumers with Direct Marketing activities?
 
What are the responsibilities of a company processing personal information towards individuals and other companies using this information?
December 03, 2020
At a time where businesses participate in an integrated society, it is normal to draw in as many outsiders/ third parties as possible to reap the benefits of everyone’s expertise and, ultimately, to deliver the best, most specialised and thought-through end products for consumers.
 
What type of information should be included in a PAIA manual?
October 04, 2021
The Promotion of Access to Information Act (PAIA) requires that entities declare and categorise the information available in their businesses in the form of a Manual, which must be submitted to the Information Regulator, while a copy thereof must at all times be available on the business’s premises and website.
COVID-19
Online Resource & News Portal
SAcoronavirus.co.za