Information Regulator publishes its PAIA Manual

​The Information Regulator has published its manual, setting out how requests for access to information can be made to it, the categories of records that it holds, and how it processes personal information

On 3 November 2021, the Information Regulator (the Regulator) published its manual as required by the Promotion of Access to Information Act, 2000 (PAIA).  The manual sets out the types of information held by the Regulator and how to obtain or apply for access to them.

An organogram of the structure of the Regulator and the functions performed by its divisions and units are included in the manual.  The manual identifies Mr Mosalanyane Mosala and Ms Varsha Sewlal as the Regulator's information officer and deputy information officer, respectively. Requests for access to information are to be made to the information officer in the manner prescribed in the manual, which largely mirrors section 18 of PAIA and section 23 of the Protection of Personal Information Act, 2013. The manual provides that the decisions of the information officer/s in this regard may be appealed and sets out the relevant procedure and prescribed forms to do so.

The manual also sets out the various categories of records held by the Regulator and identifies those categories which the Regulator may refuse access to, such as confidential client communications and internal communiqués. Categories of information which are available without having to request access are also identified.

The nature and extent of all processing of personal information undertaken by the Regulator is described in the manual. Specific categories of data subjects and the personal information that the Regulator processes about them are identified, along with the purposes of all processing. The manual includes details of the third parties to whom it transfers data subjects' personal information, such as complainants, service providers, regulatory authorities, law enforcement agencies and the Courts.  The Regulator states that it currently does not intend to transfer any personal information offshore.

The manual provides some useful insights into the information security measures taken by the Regulator, which include access control; data encryption; data backups; and anti-virus and anti-malware solutions (among others).


These materials are provided for general information purposes only and do not constitute legal or other professional advice. While every effort is made to update the information regularly and to offer the most current, correct and accurate information, we accept no liability or responsibility whatsoever if any information is, for whatever reason, incorrect, inaccurate or dated. We accept no responsibility for any loss or damage, whether direct, indirect or consequential, which may arise from access to or reliance on the information contained herein.

© Copyright Webber Wentzel. All Rights reserved.

Webber Wentzel > News > Information Regulator publishes its PAIA Manual
Johannesburg +27 (0) 11 530 5000
Cape Town +27 (0) 21 431 7000
Validating email against database, please wait...
Validating email: please wait...
Email verified: Please click the confirmation link sent to your mailbox, also check junk/spam folder. If you no longer have access to this email address or haven't received the verification email then email
Email verified: You are being redirected to manage your subscription
Email could not be verified: Please wait while you are redirected to the Subscription Form
Unanticipated error: Saving your CRM information Subscription Form