The Information Officers Association was established over five years ago to support information officers in developing the skills necessary to perform their duties under the Protection of Personal Information Act (POPIA).
The Information Officers Association has been proactive in providing information officers with guidance notes and commentary on the requirements of POPIA, new regulations, and codes of conduct for the Protection of Personal Information Acy. Another way it is supporting information officers is by determining "job practice areas" to create a sound basis for assessing competence with respect to the Protection of Personal Information Act.
It is necessary under POPIA that information officers have the skills to encourage compliance, by the body, with the conditions for the lawful processing of personal information and are able to assist data subjects with their requests. In the Guidance Note on Information Officers and Deputy Information Officers issued by the Information Regulator, it is "recommended that an Information Officer and Deputy Information Officer(s) receive appropriate training and keep abreast of the latest developments in POPIA and PAIA". The Information Regulator however does not provide training.
Consequently, the Information Officers Association, in collaboration with an international data protection certification scheme owner, has used the POPIA job practice areas to develop a competency assessment for information officers in South Africa. The Certified Personal Information Officer (CPIO®) assessment provides information officers with a way to determine whether they have sufficient knowledge of data protection practices and the skill to perform their duties and identify areas where they should improve their expertise.
A wide assortment of information sources are available to assist information but none are complete. The information officer must make use of several international sources of information and training courses to develop all the skills needed. A CPIO assessment assists information officers in determining where there might be gaps in their knowledge of data protection best practices they need to perform their duties with respect to the Protection of Personal Information Act.
