During June 2017 the Information Regulator South Africa (IRSA) released a number of documents on its web site which give an insight into how the IRSA will conduct its work in the coming years.
In this article we will take a look at the Strategic Plan, incorporating the Annual Performance Plan and see what we can learn about the IRSA and the status of the Protection of Personal Information Act (POPIA) and Promotion of Access to Information Act (PAIA) which fall under the responsibility of the IRSA. In a later article we will look at the various committees that have been established by the IRSA. Before we start it is worth remembering that as the IRSA is an arm of government the approach and terminology used is more aligned to government-speak than that familiar to a commercial or non-state owned entity.
Strategic Plan, incorporating the Annual Performance Plan
This thirty one page document covers the period 2017-2020. This is shorter than the usual five year period used by government entities as the IRSA is entering into operation part way through the current SA government planning cycle. The first point of interest is that there appears to be an attempt to seek independent insight in the assistance sought from the Monitoring and Evaluation Unit of the Department of Telecommunications and Postal Services in the development of the plan, as is referred to in the “Foreword” signed by the IRSA Chairperson.
The Vision, Mission and Values are laid out in the Strategic Plan and hold no surprises given the mandate of the IRSA. As part of the mandate the core functions are listed (Part A, section 4), in line with the POPIA and PAIA remit of the IRSA and are worth mentioning here:
• Mandate for POPIA: provide education; monitor and enforce compliance; to consult with interested parties; to handle complaints; to conduct research; codes of conduct; facilitate cross-border co-operation.
• Mandate for PAIA: complaints; investigations; assessments of compliance; a list of more than a dozen “additional functions” including both educational and operational issues.
The final item listed under the mandate is the requirement to submit an annual report to the national assembly.
None of this coverage of the mandate is particularly revealing, except the strange imbalance in the way the mandate for POPIA and PAIA have been presented. One might have expected a balanced approach to presenting the mandate in terms of the focus on education, compliance monitoring and other issues for both pieces of legislation. For example we see the term “enforce compliance” being used in relation to POPIA and not being used in the same way in relation to PAIA. Another inconsistency is the explicit emphasis on training Information Officers and Deputy Information Officers under the PAIA mandate and no such explicit reference under POPIA. Could this be a statement of intent or a mere oversight? A similar inconsistency is the involvement of the Public Protector under PAIA but no similar mention of the Public Protector under POPIA. Perhaps the reasons for these inconsistencies will become clear later?
Section 5 of the Strategic Overview focuses on planned initiatives. There are five areas that are listed that the IRSA will be treating as priorities:
• The adoption of the Regulations
• Codes of conduct needs assessment
• Stakeholder engagement
• Analysis of legislation that impacts on its operating environment
A major disappointment is that these initiatives are stated without reference to POPIA or PAIA specifically, and only by implication can be seen to apply more directly to POPIA. What is absent is any sense that enforcement action is a priority (for either POPIA or PAIA), suggesting a less aggressive approach than some have anticipated.
A curious anomaly in terms of a conventional strategic plan is part A section 6 (Litigation) which is presented more as a report back on recent activity than a commitment to be involved in future litigation as part of a strategic commitment.
Section 7 covers the situational analysis. The first two sections focus on the internal procedural matters of interest to the IRSA (performance and organisational environment) and add no value in terms of the external environment, in particular global influences on the performance of a national information regulator and the external political, economic, social, legislative and other influences it operates under. The final part of section 7 covers the IRSA strategic planning process. Sadly therefore the situation analysis adds little value in terms of the local (national) regional (SADC) or continental (AU) context for the work of the IRSA.
Section 8 claims to cover the high level governance structure. Sadly, given the launch the King IV Report and Code™ in the month prior to the IRSA taking office, there is no acknowledgement of then overall approach to ensuring effective governance as outlined in King IV™. Given the intense focus on the performance of the Chairperson of the IRSA in her previous position at the IEC one might expect a more proactive approach to establishing the legitimacy of the IRSA as a governance outcome. In fact section 8 presents more of an organisation chart than a governance structure.
Section 9 covers the budget overview and mid-term expenditure estimates. These clearly demonstrate that the IRSA will be severely limited in its abilities to deliver on its mandate unless there is a significant change to the budget for the period covered. With compensation of employees pegged at a flat R17,486,000.00 for each year from 2017/18 to 2019/2020 there is little chance that the highly knowledgeable, skilled and experience staff required will grow in any meaningful way for the foreseeable future.
The final part of the Strategic Overview (Part A of the document) covers in section 10 strategic outcome oriented goals. There are seven goal listed, and in the next article we will look at these in relation to the strategic objectives and annual performance plan that make up parts B and C of the overall strategic plan document.