An introduction to the protection of personal information in the healthcare practice: Responsibilities of the Information Officer

An introduction to the protection of personal information in the healthcare practice

4. Role players - who is who?

4.3. Responsibilities of the Information Officer

Topic

Responsibilities of Information Officers

1. Responsibilities of Information Officers

With the coming into force of the POPIA, the role of the Information Officer as governed by the PAIA has expanded.

Section 55 of the POPIA read together with Regulation provide that the IO is responsible for, amongst other things:

ensuring that the RP complies with the conditions of lawful processing of PI
deals with requests made to the RP
works with the IR in relation to any investigations conducted in accordance with the relevant provisions of the POPIA
ensure a compliance framework is developed, implemented, monitored and maintained
attend to a PIIA to ensure that adequate measures and standards exist within the RP in order to comply with the various conditions for lawful processing of PI as contemplated in the POPIA
ensure that a manual as contemplated in the PAIA is developed, monitored, maintained and made available
ensure that internal employee awareness sessions are conducted regarding the provisions of POPIA.

The position of the IO is an automatic appointment, but the IO is required to register with the IR prior to taking up their duties as an IO under POPIA.

The RP is entitled to appoint as many Deputy Information Officers (DIO) as may be necessary to perform the duties placed on the IO. However the RP must carefully consider who will take the position of DIO. Selecting the right individual for this role is important because if a DIO fails to perform the duties delegated to them, it could have adverse implications for not only the RP but also the IO.