SOME exciting legislation protects the rights of South African citizens and our businesses in this era of escalating information — and that also extends the individual rights of citizens to access information.
As always, protections and rights carry with them a reciprocal responsibility and compliance requirement from citizens and business. Compliance is also required as part of the empowering supplier endorsement for the revised black economic empowerment (BEE) codes; without this, no client buying from you would be entitled to any points under procurement.
Until recently, statutory compliance with prescripts that regulate access to and protection of information has not been applicable within the South African business environment. The most significant legislation within the new compliance landscape is the Protection of Personal Information Act, which was accepted as law in 2013, to be implemented early next year.
This act provides for the implementation of measures to protect all forms of personal information, and for the appointment of a regulator to enforce both the this and the Promotion of Access to Information Act. Known by all as PAIA, the latter affords all of us the right to public information enshrined in the Constitution.
These laws are part of the cornerstone of our democracy. The urgency of enforcing them comes with the information explosion era, which has prompted governments all over the world to look at legislation in this domain.
North America and Europe already have this legislation in place, now the Brics (Brazil, Russia, India, China, SA) nations have these acts “half-implemented”, with the other half being enforced next year.
Hence, it is much broader international and cross-border legislation that has the power to protect us in a number of ways — from protection against money laundering to the protection of businesses’ trade secrets and the protection of personal information.
If someone calls you to sell you a product, and you inquire where they sourced your number, they are obliged via PAIA to reveal this because your cellphone number is private information protected in terms of the law. It gives you the right to sue whoever revealed your information without your consent.
The legislation also affords us the right to demand information in the public interest — such as when the media approached Eskom to ask what rates it was charging the aluminium industry for electricity. When Eskom withheld the information, the media went to court, and the state-owned enterprise was obliged by law to release the information.
SA’s information regulatory framework is based on legislation in Europe and Australia, but we are a few years behind in information compliance. Research conducted by the information Compliance Research Group, which comprises academics studying cross-border and international trends, and of which I am a member, has shown that it is not possible for SA to continue much longer without the regulation of information in all spheres of business and society.
The damage caused to individuals and businesses daily is costing the economy billions of rand. Technological advances, social media, industrial espionage, the sophistication of syndicates, the negligence of employees, and other factors compound the issue. Businesses require protection as each of us is at risk on a daily basis. Everyone has personal information in their possession, including schools, churches, medical practitioners, cellphone companies and banks.
Businesses disclose their trade secrets and sensitive information to entities such as consultants, banks and accountants. It would be reassuring to know that they are legally obliged to spend resources, time and effort to safeguard this information.
Although PAIA has been in force since 2000, various categories of businesses were exempt from compliance. Such exemption ceases on December 31. The head of the business may face criminal prosecution should he or she fail to comply with the act. This includes drafting and publishing an information manual. This is the only legislation that forces non-public entities to publish policies and procedures to be placed in the public domain.
Businesses need to consider carefully who they appoint to compile their manual. They should require some written guarantee or public liability cover from external service providers to protect the business in the event of damages resulting from sub-standard or noncompliant documentation. Compliance by, and protection of, the company and directors are the main consideration, and not price.
Since 2000, PAIA has been beefed up by regulations and legal notices including the National Credit Act, and the Consumer Protection Act, as well as the new Companies Act.
Noncompliance carries fines of up to R10m and two years’ imprisonment for the head of the business in terms of PAIA, and awards of up to 10% of annual turnover in terms of the Consumer Protection Act. With these administrative orders and a regulator under the personal information act, it should be clear that the new developments have bite.
Apart from the above enforcement mechanisms, the revised BEE codes have added some spice to proceedings. The revised codes provide for an empowering supplier endorsement on all BEE certificates issued to measured entities with an annual turnover of more than R10m. The empowering supplier-qualification provides for compliance with three of the five requirements in the case of a generic entity (turnover exceeding R50m per year) and one of the five requirements in the case of a QSE (qualifying small enterprises, turnover less than R50m per year). These can be summarised as follows: procuring at least 25% of goods domestically; 25% beneficiation of products; 50% of all new jobs to be created for black people; 12 days per year spent on skills transfer to small black entities and, for services industry entities, at least 85% of wages paid to South African employees.
• Gerber is an attorney and founder and director of Serr Synergy