Advocate Pansy Tlakula, Chairperson of South Africa’s Information Regulator, reflects on the institution’s remarkable journey in the Annual Performance Plan (2025/26), comparing its growth to the cosmic mystery of creation:
“When physicists attempt to solve the mystery of the creation of the universe, they arrive at the ultimate question: how do you create something from nothing? While physicists continue to grapple with this question, we at the Information Regulator can speak from experience from our own small, institutional universe.”
From humble beginnings in 2016, armed only with the Protection of Personal Information Act (POPIA) and a boardroom, the Regulator has expanded into a 112-person entity with national and global influence.
“This is an achievement of which South Africa must be proud,” says Adv Tlakula.
A Vision for Global Excellence
The 2025/26 Annual Performance Plan aims to position the Regulator as a “world-class organisation in the access to information and protection of personal information universe.”
However, rapid technological and economic shifts present new challenges, particularly in data protection.
Rising Data Breaches Demand Stronger Safeguards
The Regulator remains deeply concerned about escalating security compromises.
In 2024/25, it received 1,727 breach reports, a figure expected to surge to 2,500 by 2025/26.
“Responsible parties remain vulnerable to lapses in the protection of personal information,” warns Adv Tlakula.
To combat this, the Regulator will restructure internal teams, merging expertise from its POPIA and IT Divisions for faster, more effective responses.
PAIA Compliance Crisis: 25 Years of Neglect
Despite the Promotion of Access to Information Act (PAIA) marking 25 years as law, compliance remains dismal:
-
Only 33% of public bodies submitted required reports in 2023/24.
-
A shocking less than 2% of private bodies complied.
-
Just 41% of public bodies registered their Information Officers (IOs), with private sector registration below 2%.
“PAIA is honoured in breach rather than in compliance,” laments Adv Tlakula.
2025/26 Action Plan: Stricter Enforcement & Modernisation
Key initiatives include:
-
Legislative Reforms – Amending PAIA to empower the Regulator with stronger enforcement tools and updated regulations.
-
Awareness Campaigns – Boosting resources for public education on PAIA rights and obligations.
-
Compliance Assessments – Increasing audits of public and private bodies to enforce accountability.
Mission & Vision: Protecting Rights in the Digital Age
The Regulator’s mandate, ensuring privacy and access to information, remains critical as data becomes the lifeblood of the economy. With a vision of becoming a “world-class institution,” its mission is clear: safeguarding South Africans in an evolving digital landscape.
“We will not relent in our efforts to uphold these fundamental rights,” concludes Adv Tlakula.
