Information Law & Data Protection


Most organisations use information technology to efficiently conduct business. While these advances have provided tremendous advantages, the integration of business, technology and data usage raises novel and complex legal issues and has necessitated the need for increased regulation. As such, a highly regulated environment has emerged where every single sector is affected because anyone and any entity, private or public that collects information is regulated.

Information law encompasses legal services focused on information technology and the collection, processing, transmission, security, storage and disposal of digital and hard copy repositories of information.

The access to and control of information is regulated by a number of pieces of legislation. These are, The Promotion of Access to Information Act (PAIA), Electronic Communications and Transactions Act (ECTA), Regulation of Interception of Communications and Provision of Communication – Related Information Act (RICA), the National Credit Act and the National Health Act. Personal Information will be regulated and protected by the Protection of Personal Information Bill (POPI).

The members of Webber Wentzel's Information Law and Data Protection Group are specialists in information law, privacy, data protection and information governance in South Africa. We are able to advise on all aspects of information law including the regulatory environment, employment environment and the accessing and processing of all personal information. The group is well acquainted with relevant legislation and works regularly in its application in the Banking Industry, Health Industry, Aviation Industry and Media Industry.


The POPI Bill was approved by the Portfolio Committee on Justice and Constitutional Development (the Committee) on 5 September 2012. This is the first step towards the introduction of a new data protection regime for South Africa and follows a lengthy period of deliberation on the Bill by the Committee.

The Bill will now be considered and is likely to be passed by the National Assembly before being referred to the National Council of Provinces (NCOP) for consideration. Thereafter it will be signed into law. It is anticipated that this process could take anything from one to six months. Once finalised the Bill provides for a one year grace period before its provisions become effective. This will allow organisations some time to become compliant.

POPI will have a significant impact on how companies collect, store and disseminate personal information. We are closely monitoring the progress of the Bill and circulate regular brief snapshots on POPI, focusing on key areas and practical implementation issues. If you do not receive these and wish to subscribe for them, please click here. If you wish to read our previous snapshots, please click here.

We are able to provide advice on POPI, including the following:

  • providing an accessible introduction to this law and how it will affect your business;
  • advice on how to comply with POPI, including audits and compliance reviews of your business;
  • advising on the risks of cross border transfers of data and measures that should be in place prior to the data transfer;
  • advising on unauthorised disclosures;
  • drafting compliance manuals, including data protection policies;
  • drafting privacy policies;
  • drafting email policies;
  • advising and assisting with 'personal information' notifications; and
  • advising on disputes regarding breach of confidential information;
  • training on all aspects of POPI

Click here to read the section on "Protection of Personal Information" in Investing in South Africa.

Key Contacts
+27 11 530 5200
Employment, Health and Safety Practice
+27 11 530 5232
Dispute Resolution
Dario Milo

Related Articles