PROMOTION OF ACCESS TO INFORMATION ACT 2 OF 2000
Manual to Accessing Information (Manual)
This Manual has been prepared in terms of section 51 of the Promotion of Access to Information Act 2 of 2000 (PAIA) and updated in the light of the Protection of Personal Information Act 4 of 2013 (POPIA).
The Information Regulator (“Regulator”) is a statutory body established in terms of section 39 of the Protection of Personal Information Act 4 of 2013. The Regulator is, among others, empowered to monitor and enforce compliance by public and private bodies with the provisions of the Promotion of Access to Information Act 2 of 2000 (“PAIA”).
Purpose of PAIA
PAIA is an act passed to give effect to the constitutional right, held by everyone in South Africa, of access to information held by the State or another person and required to exercise or protect any right. Where a request is made in terms of PAIA, the body to which the request is made is obliged to give access to the requested information, except where the Act expressly provides that the information may or must not be released.
It is important to note that PAIA recognises certain limitations to the right of access to information, including, but not exclusively, limitations aimed at the reasonable protection of privacy, commercial confidentiality, and effective, efficient and good governance, and in a manner which balances that right with any other rights, including such rights contained in the Bill of Rights in the Constitution.
POPIA was enacted in November 2013, to promote the protection of personal information processed by public and private bodies. POPIA amended certain provisions of PAIA, balancing the need for access to information against the need to protect personal information.
One of the main requirements specified in PAIA is compiling an information manual that provides information on the types and categories of records held by a private body. This document serves as our firm’s information manual. This Manual is compiled in accordance with section 51 of PAIA and the Schedule to POPIA. It is intended to give a description of the records held by and on behalf of our firm; to outline the procedure to be followed and the fees payable when requesting access to any of these records in the exercise of the right of access to information, with a view of enabling requesters to obtain records which they are entitled to in a quick, easy and accessible manner.
This Manual is available for public inspection at the physical address of our firm, recorded in paragraph 4 below, free of charge, and on this website, free of charge; and on request by any person (along with payment of a prescribed fee).
The Manual is available from the designated Information Officer, whose details appear below.
The responsibility for administration of, and compliance with, PAIA and POPIA have been delegated to the Information Officer.
Requests pursuant to the provisions of PAIA and/or POPIA should be directed to the Information Officer using the contact form on our CONTACT US page.
Information Regulators Guide
An official Guide has been compiled, which contains information to assist a person wishing to exercise a right of access to information in terms of PAIA and POPIA. This Guide is made available by the Information Regulator (established in terms of POPIA). Copies of the updated Guide are available from the Information Regulator as prescribed. The South African HUMAN RIGHTS COMMISSION, Head Office, Braampark Forum 3, 33 Hoofd Street, Braamfontein. Tel (011) 8773750. Fax (011) 403 0668. Email firstname.lastname@example.org. Website www.sahrc.org.za.
A private body may, on a voluntary basis, make available a description of categories of records that are automatically available without a person having to request access in terms of PAIA.
The only fee for access to these records may be a prescribed fee for reproduction.
Types and Categories of Records
A requester may also request information that is available in terms of other legislation, such as (the below is not an exhaustive list):
6.1.1. Competition Act 89 of 1998;
6.1.2. The Companies Act 71 of 2008;
6.1.3. The Labour Relations Act 66 of 1995;
6.1.4. Employment Equity Act 55 of 1998;
6.1.5. Basic Conditions of Employment Act 75 of 1997;
6.1.6. Compensation for Occupational Injuries and Diseases Act 130 of 1993;
6.1.7. Financial Intelligence Centre Act 38 of 2001;
6.1.8. Income Tax Act 58 of 1962;
6.1.9. Occupational Health and Safety Act 85 of 1993;
6.1.10. Unemployment Insurance Act 63 of 2001;
6.1.11. Value-added Tax Act 89 of 1991; and
6.1.12. Consumer Protection Act 68 of 2008.
Subject Categories of Records
The information is classified and grouped according to records relating to the following subjects and categories:
Personnel Records: “Personnel“ refers to any person who works for or provides services to or on behalf of our firm and receives, or is entitled to, remuneration and any other person who assists in carrying out or conducting our firm’s business. It includes, without limitation, directors (executive and non-executive), all permanent, temporary and part-time staff, and contract workers.
Personal records provided by personnel include:
7.2.1. Records provided by a third party relating to Personnel;
7.2.2. Conditions of employment and other Personnel-related records;
7.2.3. Internal evaluation records and other internal records;
7.2.4. Correspondence relating to, or emanating from, Personnel;
7.2.5. Training schedules and material; and
7.2.6. Payment records (and beneficiary payments), including banking details.
Client-Related Records: “Client“ refers to any natural or juristic entity that receives services from our firm.
Client-related records include:
7.4.1. Records provided by a client to a third party acting for or on behalf of our firm;
7.4.2. Records provided by a third party (for example, records from a reseller);
7.4.3. Records generated by or within our firm relating to its clients;
7.4.4. Transactional records;
7.4.5. Correspondence with a client that is implicitly or explicitly of a private or confidential nature
7.4.6. Records pertaining to a client retrieved from other sources.
Private Body Records, which include but are not limited to records pertaining to our firm’s own internal affairs:
7.5.1. Financial records;
7.5.2. Operational records;
7.5.3. Information technology;
7.5.5. Administrative records;
7.5.6. Product records;
7.5.7. Statutory records;
7.5.8. Internal Policies and Procedures; and
7.5.9. Human resources records.
Other Party Records:
Records held by our firm pertaining to other parties, including, without limitation, financial records, correspondence, contractual records, records provided by the other party (for example, third-party beneficiaries or employees of a client), and records third parties have provided about our firm’s contractors/suppliers.
Our firm may possess records pertaining to other parties, including, but not limited to, contractors, suppliers, and service providers, and such other parties may possess records that can be said to belong to our firm.
Regarding POPIA, data must be processed for a specified purpose. The purpose for which our firm processes data will depend on the nature of the data and the particular data subject. This purpose is ordinarily explicitly or implicitly disclosed when the data are collected.
Purpose of Processing
Our firm processes personnel data for business administration purposes. For example, personnel data are processed for payroll purposes. Personnel data are also processed to the extent required by legislation and regulation. For example, our firm discloses employees’ financial information to the Commissioner for the South African Revenue Service, in terms of the Income Tax Act 58 of 1962 and employees’ sensitive personal information regarding the Employment Equity Act 55 of 1998.
Client related data
Our firm processes client-related records as an integral part of its commercial services. For example, our firm processes client-related records during the client application and onboarding processes and for the provision of a service.
This list of processing purposes is non-exhaustive.
Our firm processes third-party records for business administration purposes.
Other Party Data
Our firm processes other party records for business administration purposes. For example, Personnel data may be processed in order to effect payment to contractors and/or suppliers.
In performing these various tasks, our firm may, amongst others, collect, collate, process, store and disclose personal information.
Categories of Data Subjects. Our firm holds information and records on the following category of data subject:
11.1. Employees / Personnel;
11.3. Any third party with whom our firm conducts its business services;
11.6. Service providers.
This list of categories of data subjects is non-exhaustive.
Recipients To Whom Personal Information Will Be Supplied
Depending on the nature of the data, our firm may supply information or records to the following categories of recipients:
Statutory oversight bodies, regulators or judicial commissions of enquiry making a request for data (i.e. the Information Regulator in terms of POPIA);
Any court, administrative or judicial forum, arbitration, statutory commission, or ombudsman making a request for data or discovery in terms of the applicable rules (i.e. the Competition Commission in terms of the Competition Act 89 of 1998);
South African Revenue Services, or another similar authority;
A contracted third party who requires this information to provide services;
Third parties with whom our firm has a contractual relationship for the retention of data (for example, third-party hosting services);
Research/ academic institutions;
Auditing and accounting bodies (internal and external);
Anyone making a successful application for access in terms of PAIA.
Planned Transborder Flows Of Personal Information
Our firm may transfer personal information to a third party who is in a foreign country in order to administer certain services, but may only do so subject to the provisions of POPIA. Thus, internal cross-border transfers, as well as external cross-border transfers of information, are envisaged, subject to the provisions of POPIA.
Our firm takes extensive information security measures to ensure the confidentiality, integrity and availability of personal information in our firm’s possession. Our firm takes appropriate technical and organizational measures to ensure that personal data remain confidential and secure against unauthorized or unlawful processing and against accidental loss, destruction or damage.
Grounds for Refusal of Access to Records
Our firm may refuse a request for information on the following basis:
Mandatory protection of the privacy of a third party who is a natural person, which would involve the unreasonable disclosure of personal information of that natural person;
Mandatory protection of the commercial information of a third party if the record contains:
Trade secrets of that third party;
Financial, commercial, scientific or technical information which disclosure could likely cause harm to the financial or commercial interests of that third party; and
Information disclosed in confidence by a third party to our firm, if the disclosure could put that third party at a disadvantage in negotiations or commercial competition.
Mandatory protection of confidential information of third parties if it is protected in terms of any agreement or legislation;
Mandatory protection of the safety of individuals and the protection of property;
Mandatory protection of records which would be regarded as privileged in legal proceedings;
The commercial activities of our firm, which may include:
Trade secrets of our firm;
Financial, which, if disclosed, could put our firm at a disadvantage in negotiations or commercial competition;
A computer program is owned by our firm and protected by copyright.
Requests for information that are clearly frivolous or vexatious or involve an unreasonable resource diversion shall be refused.
A requester is any person making a request for access to a record of, or held by, our firm. The requester is entitled to request access to information, including information pertaining to third parties, but our firm is not obliged to grant such access. Apart from the fact that access to a record can be refused based on the grounds set out in paragraph 15 above, in order to access information successfully, the requester must fulfil the prerequisite requirements for access in terms of PAIA, including the payment of a request and access fee.
Access Request Procedure
A requester requiring access to information held by our firm must complete the prescribed Access Request Forms, available here: FORM 2 & FORM 3, submit it to the Information Officer at the physical or electronic mail address recorded in paragraph 3.5 and pay a request fee (and a deposit, if applicable). In accordance with section 83(3)(d) of PAIA
To facilitate a timely response to requests for access, all requesters should take note of the following when completing the Access Request Form:
The Access Request Form must be comprehensively completed.
Proof of identity is required to authenticate the requester’s identity. Therefore, in addition to the access request form, requesters must supply a copy of their identification document.
Every applicable question must be answered. If a question does not apply, N/A should be stated in response to that question. If there is nothing to disclose in reply to a particular question, “Nil” should be stated in response.
The Access Request Form must be completed with enough particularity to enable the Information Officer to identify:
220.127.116.11. The record(s) requested;
18.104.22.168. The identity number of the requester;
22.214.171.124. The form of access required if the request is granted;
126.96.36.199. The postal address or fax number of the requester.
The requester must also state that he or she requires the information in order to exercise or protect a right, and clearly state the nature of the right to be exercised or protected. In addition, the requester must clearly specify why the record is necessary to exercise or protect such a right.
If a request is made on behalf of another person, then the requester must submit proof of the capacity in which the requester is making the request to the reasonable satisfaction of the Information Officer.
If an individual cannot complete the prescribed form because of illiteracy or disability, such a person may make the request orally.
The requester will be informed in writing whether access has been granted or denied. If, in addition, the requester requires the reasons for the decision in any other manner, he must state the manner and the particulars required.
Payment Of Fees
Payment details can be obtained from the Information Officer and made via a direct deposit, bank-guaranteed cheque, or postal order. Proof of payment must be supplied when the Access Request Form is submitted.
The prescribed fee is set out below in Annexure 1.
Note that the requester may lodge a complaint to the Information Regulator or an application with a court against the tender or payment of the request fee.
If the search for, and the preparation of, the record for disclosure would, in the opinion of the Information Officer, require more than 6 hours, the requester may be required to pay as a deposit one-third of the access fee (the fee which will be payable if the request is granted).
Note that the requester may lodge a complaint to the Information Regulator or an application with a court against the tender or payment of the deposit.
If a deposit has been paid regarding a request for access, which is subsequently refused, then the Information Officer must refund the deposit to the requester.
The requester must pay the prescribed fee before processing, or further processing can occur.
Our firm must take all reasonable steps to inform a third party to whom or to which a requested record relates if the disclosure of that record would:
involve the disclosure of personal information about that third party;
involve the disclosure of trade secrets of that third party; financial, commercial, scientific or technical information (other than trade secrets) of that third party, the disclosure of which would be likely to cause harm to the commercial or financial interests of that third party; or information supplied in confidence by a third party, the disclosure of which could reasonably be expected to put that third party at a disadvantage in contractual or other negotiations; or to prejudice that third party in commercial competition;
constitute an action for breach of a duty of confidence owed to a third party in terms of an agreement or
involve the disclosure of information about research being, or to be, carried out by or on behalf of a third party, the disclosure of which would be likely to expose the third party, a person that is or will be carrying out the research on behalf of the third party, or the subject matter of the research, to serious disadvantage.
Our firm will inform the third party as soon as reasonably possible, but in any event, within 21 days after that request is received.
Within 21 days of being informed of the request, the third party may:
make written or oral representations to the Information Officer why the request for access should be refused or
give written consent for the disclosure of the record to the requester.
Our firm will notify the third party of the outcome of the request. If the request is granted, adequate reasons for granting the request will be given.
The third party may lodge a complaint to the Information Regulator or an application with a court against the decision within 30 days after notice is given, after which the requester will be given access to the record after the expiry of the 30-day period.
Notification of Decision
Within 30 days of receipt of the request, the Information Officer will decide whether to grant or decline the request and give notice with reasons (if required) to that effect.
The 30-day period, within which our firm has to decide whether to grant or refuse the request, may be extended for a further period of not more than 30 days if the information cannot reasonably be obtained within the original 30-day period. For example, the time period may be extended if the request is for a large amount of information, or if the request requires our firm to search for information held at another office.
The Information Officer will notify the requester in writing should an extension be required. The requester may lodge a complaint to the Information Regulator or an application with a court against the extension.
Remedies Available for Refusals for a Request for Information
All complaints, by a requester or a third party, can be made to the Information Regulator or a court, in the manner prescribed below.
The requester or third party, as the case may be, may submit a complaint in writing to the Information Regulator, within 180 days of the decision, alleging that the decision did not comply with the provisions of PAIA.
The Information Regulator will investigate the complaint and reach a decision – which may include a decision to investigate, take no further action, or refer the complaint to the Enforcement Committee established in terms of POPIA. The Information Regulator may serve an enforcement notice confirming, amending or setting aside the impugned decision, which reasons must accompany.
An application to court may be brought in the ordinary course. For purposes of PAIA, any reference to an application to the court includes an application to a Magistrates Court.
ANNEXURE 1: PRESCRIBED FEES
The fee for a copy of the manual as contemplated in regulation 9(2)(c) is R1,10 for every photocopy of an A4-size page or part thereof.
The fees for reproduction referred to in regulation 11(1) are as follows:
For every photocopy of an A4-sized page or part thereof: R1,10
For every printed copy of an A4-sized page or part thereof held on a computer or in electronic or machine-readable form: R0,75
For a copy in a computer-readable form on:
flash drive R70,00
compact disc R70,00
For visual images:
a transcription of visual images, for an A4-size page or part thereof 40,00
For a copy of visual images, R60,0
For an audio record:
For a transcription of an audio record, for an A4-size page or part thereof, R20,00
For a copy on an audio record, R30,00
The request fee payable by a requester, other than a personal requester, referred to in regulation 11(2), is R50,00.
The access fees payable by a requester referred to in regulation 11(3) are as follows:
For every photocopy of an A4-size page or part thereof, R1,10
For every printed copy of an A4-size page or part thereof held on a computer or in electronic or machine-readable form R0,75
For a copy in a computer-readable form on:
flash drive R70,00
compact disc R70,00
For a transcription of visual images:
for an A4-sized page or part thereof, R40,00
For a copy of visual images, R60,00
For a transcription of an audio record:
For an A4-size page or part thereof, R20,00
For a copy of an audio record, R30,00
To search for and prepare the record for disclosure, R30,00 for each hour or part of an hour reasonably required for such search and preparation.
For purposes of section 54(2) of the Act, the following applies:
Six hours are the hours to be exceeded before a deposit is payable, and
one-third of the access fee is payable as a deposit by the requester.
The actual postage is payable when a copy of a record must be posted to a requester.
Where our firm receives a request for access to information held on a person other than the requester himself/herself and the Information Officer, upon receipt of the request, is of the opinion that the preparation of the required record of disclosure will take more than 6 hours, a deposit is payable to the requester. The amount of the deposit is equal to 1/3 of the amount of the applicable access fee.
Please note: Regarding Regulation 8, Value Added Tax (VAT) must be added to all fees prescribed in the Regulations. Therefore, the fees reflected above are VAT-inclusive.
This page was last updated on 2 November 2023.