POPIA Information Officer: the new role in your business

It’s official. The Protection of Personal Information (POPI) Act or POPIA is set to change the real estate industry. The Act will require you to tighten the way you handle personal information. To achieve this, the Information Officer will play a critical role in fulfilling the Act’s requirements within your business. The Information Officer is compulsory and holds a number of important duties and responsibilities as defined by the Act. 

Who is the POPIA Information Officer?

The Information Officer is tasked with encouraging compliance with the conditions for the lawful processing of personal information. Your real estate agency or brokerage will already have an Information Officer by default. The Promotion of Access to Information Act (PAIA) automatically appoints this figure within all private and public bodies without exemption. For a private body, like your real estate business, the head (for example the CEO or MD) is responsible for the duties. 

The role of the POPIA Information Officer

The duties and responsibilities of the Information Officer, as well as the designation of responsibilities to deputy information officers, are covered in Sections 55 and 56 of the Act. 

The Information Officer will need to ensure your business complies with the conditions for the lawful processing of personal information. They’ll need to deal with requests made to your business in terms of the POPI Act. If there are any POPIA investigations conducted in relation to your business, they’ll need to work closely with the Regulator. They’ll also need to fully ensure your business complies with the provisions of POPIA.

POPIA Regulations further define the expectations of the Information Officer. They’ll need to develop, implement, monitor, and maintain a compliance framework. A personal information impact assessment will need to be undertaken. The Information Officer will need to develop, monitor, maintain, and make a PAIA manual available. They’ll need to develop internal measures with adequate systems to process requests for information. Finally, the Information Officer must conduct internal awareness sessions regarding the provisions of the Act, regulations made in terms of the Act, codes of conduct, or information obtained from the Regulator. 

Appointing your POPIA Information Officer

Heads of real estate businesses will likely not have the time and capacity to carry out their responsibilities as Information Officer. Instead, you can delegate your duties to any other duly authorised person/s. The Information Officers will all need to be registered with the Regulator.

Your HR department or legal team can draft a letter of appointment authorising another individual to act on your behalf. This will give your Information Officer the responsibility, while ensuring they and the business are clear about the position’s duties. 

When choosing your Information Officer, look for someone who has a strong knowledge of the ins and outs of data protection law. If you’re upskilling someone within your business, there’s plenty of information available online about the Act. You can also sign them up for a workshop, data compliance programme with Michalsons, or certification. 

Mark Heyink, Senior Associate at Michalsons, says your Information Officer will need to have these qualities to conduct their role successfully:

• Be a leader: This person must lead the organisation in complying with the Act. They’ll be in charge of a culture shift in terms of how your real estate agency or brokerage deals with data. Heyink emphasises that they’ll need adequate authority and support and should not be treated as an internal auditor. 

• Communicate well: The person must have good communication skills. The position requires them to work closely and engage with employees within the real estate business and your clients. 

• Know your business: Heyink advises against outsourcing the position. He believes your Information Officer should have an in-depth understanding of your business and how you process data. The core competencies required by data protection should be developed internally within your business.

• Be reasonably tech savvy: It is vital they understand information security and the measures that need to be put in place. 

• Able to adapt: The person should be willing to learn and change their approach as information technology is a dynamic field.

Getting to grips with POPIA

Once appointed, your Information Officer will work towards getting your agency or business in check. Prop Data encourages all our clients’ Information Officers to engage with us. We can help you fulfil the expectations of the Act within our role as your marketing and proptech solution provider of choice. 

Next month, Prop Data will launch a drip campaign solution to your existing database looking to get POPIA compliant. They’ll be provided with an opt-in between now and when the Act will be enforceable by the end of June next year. Please contact your Account Manager for more information about our upcoming promo.