Annual Performance Plan 2022/23: Information Regulator's Strategic Focus & Mandate

The Information Regulator's annual performance plan for the 2022/23 financial year outlines its strategic focus, situational analysis, budget, mandates under POPIA and PAIA, and its constitutional mandate. The presentation covers the regulator's vision, mission, and values, along with an analysis of the external environment using the PESTEL framework, highlighting political threats and opportunities. The regulator aims to be a world-class institution in protecting personal information and promoting access to information with transparency, accountability, and integrity.

• Annual Performance Plan
• Information Regulator
• Strategic Focus
• Mandate
• POPIA

jaila Follow

Uploaded on Oct 07, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. INFORMATION REGULATOR ANNUAL PERFORMANCE PLAN FOR THE 2022/23 FINANCIAL YEAR 11 MAY 2022

2. PRESENTATION OUTLINE Information Regulator Mandate Strategic Focus Situational Analysis APP and Quarterly Targets 2022/23 Budget Medium Term Expenditure Framework Enablers to Achieve Targets 2 2

3. PART A : MANDATE OF THE INFORMATION REGULATOR 3

4. OUR MANDATE LEGISLATIVE MANDATE Core functions in terms of POPIA To provide education To monitor and enforce compliance To consult with interested parties To handle complaints To conduct research In respect of codes of conduct : To issue, amend and revoke codes of conduct etc. To facilitate cross border cooperation in the enforcement of the privacy laws LEGISLATIVE MANDATE Core functions in terms of PAIA Handle complaints and conduct investigate. Monitor implementation of PAIA Compile and make available a guide in an easily comprehensible form and manner Develop and conduct educational programmes in particular for disadvantaged communities. Train Information Officers and Deputy Information Officers CONSTITUTIONAL MANDATE The Regulator was established to ensure respect for, and to protect, enforce and fulfil, the right to privacy and the right of access to information. The Regulator is also mandated in terms of POPIA , to issue notices, and to make assessments on whether public and private bodies comply with the provision of PAIA 4

5. PART B: OUR STRATEGIC FOCUS 5

6. STRATEGIC FOCUS Vision A world-class institution in the protection of personal information and the promotion of access to information. Mission An independent institution which regulates the processing of personal information and the promotion of access to information in accordance with the Constitution and the law so as to protect the rights of everyone. Values Transparency, Accountability, Integrity, Excellence, Impartiality, Responsiveness 6

7. EXTERNAL ENVIRONMENTAL ANALYSIS (PESTEL) POLITICAL ECONOMIC SOCIAL TECHNOLOGICAL ENVIRONMENTAL LEGAL 7

8. POLITICAL Threats Implications The listing of the regulator in the Public Finance Management Act (PFMA Independence could be compromised Opportunities New policies and legislation can influence functional, efficient, and integrated State. Implications Collaboration with other entities to enhance implementation of the Regulator s mandate. Policies and bills that are aligned to the mandate of the Regulator. 8

9. ECONOMIC Implications Threats The increase in country s national debt may lead to budget cuts which will have implications on the budget of the Information Regulator The increase in the country s national debt. Opportunities Implications Government initiatives and programmes to revive the economy There would be more work for Regulator. 9

10. SOCIAL Threats Implications High unemployment levels. High security compromise complaints. Limitations that arise out of the disasters (e.g., Covid 19). Inability to execute the Regulator mandate efficiently. Inaccessibility of the Regulator s services Opportunities Implications Increased advocacy around security measures and building resilience. Increased resources to increase advocacy. 10

11. TECHNOLOGICAL Implications Threats Cyber security risks Rapid advancing technology The Regulator s inability to keep abreast with developments in technology. Opportunities Implications Ability to leverage on the technology to support access to information and protection of personal information Ability to adapt to the changes 11

12. ENVIRONMENTAL Threats Implications Global Warming Create a conducive working environment. Opportunities Implications Opportunity to adopt a green posture as an organisation. Business continuity 12

13. LEGAL Threats Implications Low level of compliance and understanding of Legislation Increased number of complaints Opportunities Implications Public awareness programmes and stakeholder engagements should be undertaken. Improved level of compliance. 13

14. INTERNAL ENVIRONMENTAL ANALYSIS (S&W) STENGTHS An approved organisational structure which is aligned to our mandate Critical Vacancies Filled. The Regulator has effective enforcement powers. Qualified Staff A dual mandate of the Regulator encourages a careful balancing of the rights of privacy & access to information in execution of its mandate WEAKNESS Human Resource Capacity in some areas Information and communication technology (ICT) infrastructure Inadequate Office Space Inaccessibility of the Regulator Inadequate processes Lack of approval of Policies for the Regulator 14

15. PART C : INSTITUTIONAL PERFORMANCE APP QUARTERLY TARGETS 15

16. PROGRAMME 1 : PROTECTION OF PERSONAL INFORMATION Purpose: To ensure the promotion and protection of personal information processed by public and private bodies. The following are sub-programmes within this programme a) Compliance and Monitoring This sub-programme is responsible for the monitoring and enforcement of compliance by public and private bodies in accordance with the provisions of POPIA. b) Complaints and Investigations This sub-programme is responsible for the handling of complaints and conducting of investigations in accordance with the provisions of POPIA. 16

17. PROGRAMME 1 : PROTECTION OF PERSONAL INFORMATION Output Indicators Annual Targets 1. Percentage of complex complaints received, investigated and finalised. 2. Percentage of simple complaints received, investigated, and finalised. Quarter 1 15% of complex complaints received, investigated, and finalised Quarter 2 25% of complex complaints received, investigated, and finalised. Quarter 3 35% of complex complaints received, investigated, and finalised. Quarter 4 50% of complex complaints received, investigated, and finalised. 50% of complex complaints received, investigated, and finalised. 100% of simple complaints received, investigated, and finalised. 100% of simple complaints received, investigated, and finalised 100% of simple complaints received, investigated, and finalised. 100% of simple complaints received, investigated, and finalised. 100% of simple complaints received, investigated and finalised. 3. POPIA Compliance Monitoring and Enforcement framework Approved Approved Compliance Monitoring and Enforcement framework Develop Compliance Monitoring and Enforcement framework Approved Compliance Monitoring and Enforcement framework N/A N/A 17

18. PROGRAMME 1 : PROTECTION OF PERSONAL INFORMATION Output Indicators 4.Number of targeted responsible parties monitored on compliance Annual Targets 4 targeted responsible parties monitored on compliance Quarter 1 Quarter 2 Quarter 3 Quarter 4 - - 2 2 5. Application for Codes of Conduct finalised within the prescribed time frame Applications for Codes of Conduct finalised within 13 weeks from the date of receipt 100% of applications for prior authorisation processed Applications for Code of Conduct finalised within 13 weeks from the date of receipt 100% of applications for prior authorisation processed Applications for Code of Conduct finalised within 13 weeks from the date of receipt 100% of applications for prior authorisation processed Applications for Code of Conduct finalised within 13 weeks from the date of receipt Applications for Code of Conduct finalised within 13 weeks from the date of receipt 6.Percentage of applications for prior authorisation processed 100% of applications for prior authorisation processed 100% of applications for prior authorisation processed 18

19. PROGRAMME 1 : PROTECTION OF PERSONAL INFORMATION Output Indicators Annual Targets Quarter 1 Quarter 2 Quarter 3 Quarter 4 7. Percentage of applications for Exemption from POPIA 100% of applications for Exemption from POPIA 100% of applications for Exemption from POPIA 100% of applications for Exemption from POPIA 100% of applications for Exemption from POPIA 100% of applications for Exemption from POPIA 8. Percentage of Information Officers and deputy information officers registered as prescribed 100% Information Officers and deputy information officers registered as prescribed 100% Information Officers and deputy information officers registered as prescribed 100% Information Officers and deputy information officers registered as prescribed 100% Information Officers and deputy information officers registered as prescribed 100% Information Officers and deputy information officers registered as prescribed 19

20. PROGRAMME 1 : PROTECTION OF PERSONAL INFORMATION Output Indicators Annual Targets Quarter 1 Quarter 2 Quarter 3 Quarter 4 9. Approved and implemented Rules of procedure relating to the manner in which any POPIA matters or POPIA complaints must be referred and handled by the Enforcement Committee Approved and implemented Rules of procedure relating to the manner in which any POPIA matters or POPIA complaints must be referred and handled by the Enforcement Committee Draft Rules of procedure relating to the manner in which any POPIA matters or POPIA complaints must be referred and handled by the Enforcement Committee Approved and implemented Rules of procedure relating to the manner in which any POPIA matters or POPIA complaints must be referred and handled by the Enforcement Committee N/A N/A 20

21. PROGRAMME 2 : PROMOTION OF ACCESS TO INFORMATION Purpose: To ensure the effective promotion, protection, monitoring and implementation of the constitutional right of access to any information held by the State and any information that is held by another person and that is required for the exercise or protection of any rights. The following are sub-programmes within this programme a) Complaints and Investigations The sub-programme is responsible for the handling of complaints and conducting of investigations in accordance with the provisions of PAIA. It comprises the following functions: b) Compliance and Monitoring The sub-programme conducts monitoring and enforcement of compliance by public and private bodies in accordance with the provisions of PAIA. 21

22. PROGRAMME 2 : PROMOTION OF ACCESS TO INFORMATION Output Annual Quarter 1 Quarter 2 Quarter 3 Quarter 4 Indicators 10.Percentage of complaints received, investigated and finalised. Targets 50% of complex complaints received, investigated and finalised. 15% of complex complaints received, investigated and finalized 25% of complex complaints received, investigated and finalised. 35% of complex complaints received, investigated and finalised. 50% of complex complaints received, investigated and finalised. 11.Percentage of simple complaints received, investigated, and resolved . 100% of simple complaints received, investigated, and resolved. 100% of simple complaints received, investigated, and resolved. 100% of simple complaints received, investigated, and resolved. 100% of simple complaints received, investigated, and resolved. 100% of simple complaints received, investigated, and resolved. 22

23. PROGRAMME 2 : PROMOTION OF ACCESS TO INFORMATION Output Indicators 12.Approved and implemented Rules of procedure relating to the manner in which any PAIA matters or PAIA complaints must be referred and handled by the Enforcement Committee Annual Targets Approved and implemented Rules of procedure relating to the manner in which any PAIA matters or PAIA complaints must be referred and handled by the Enforcement Committee Quarter 1 Approval of Rules of procedure relating to the manner in which any PAIA matters or PAIA complaints must be referred and handled by the Enforcement Committee Quarter 2 N/A Quarter 3 N/A Quarter 4 N/A 23

24. PROGRAMME 2 : PROMOTION OF ACCESS TO INFORMATION Output Indicators Annual Targets 13.Number of targeted Public and Private Bodies monitored on compliance. Quarter 1 15 targeted public and private bodies monitored on compliance. Quarter 2 24 targeted public and private bodies monitored on compliance. Quarter 3 27 targeted public and private bodies monitored on compliance. Quarter 4 30 targeted public and private bodies monitored on compliance. Full implementati on of the approved PAIA Compliance Framework 96 targeted public and private bodies monitored on compliance. 14.Approved and implemented Compliance, Monitoring and Enforcement Framework Compliance, Monitoring and Enforcement Framework approved and implemented Tabling of the PAIA Compliance Framework at EXCO Tabling of the PAIA Compliance Framework for approval at Compliance and Monitoring Committee and Ordinary Meeting. Full implementatio n of the PAIA Compliance Framework 24

25. PROGRAMME 3: EDUCATION AND COMMUNICATION Purpose: To provide strategic direction for the promotion of the right of access to information and the right to privacy (through the protection of personal information) by providing quality services in research and policy analysis, education, public awareness, stakeholder engagement, and communication The following are sub-programmes within this programme a) Education and Public Awareness: This sub-programme is responsible for the design, development and provision of education and public awareness activities. b) Regulator s engagements with stakeholders nationally and internationally. Stakeholder Engagement: This sub-programme is responsible for coordinating the c) Communication and Media Relations: This sub-programme is responsible for providing internal and external communication, media relations, public liaison and branding services. d) Policy and Research: This sub-programme manages the development of policy and the conducting of applied research 25

26. PROGRAMME 3: EDUCATION AND COMMUNICATION Annual Targets Output Indicators Quarter 1 Quarter 2 Quarter 3 Quarter 4 15. Percentage of the nationally-representative sample of the population who are aware of their rights to privacy (as it relates to protection of personal information). Research report indicating 5% awareness about the right to privacy Draft research proposal and sign off. Data collection and analysis Draft research report issued for review Research report finalised 16. Percentage of the nationally-representative sample of the population who are aware of their right of access to information. Research report indicating 5% awareness about the Draft research proposal and sign off. Data collection and analysis Draft research report issued for review Research report finalised 17. The number of education programmes conducted to promote the protection of personal information. 7 1 2 2 2 26

27. PROGRAMME 3: EDUCATION AND COMMUNICATION Annual Targets Quart er 4 Output Indicators Quarter 1 Quarter 2 Quarter 3 18. The number of education programmes conducted to promote access to information 7 1 2 2 2 19. Number of public awareness programmes conducted on Information Rights at community levels 34 9 9 8 8 20. Number of stakeholder engagement sessions conducted. 48 cluster sessions 12 cluster sessions 12 cluster sessions 12 cluster sessions 12 cluster sessions 21. Number of international cooperation programmes conducted. 8 2 2 2 2 22. Number of research reports finalised 1 Draft research proposal Data collection and analysis for the research report Draft research report issued for review 1 research report 27

28. PROGRAMME 4: LEGAL SERVICES Purpose: To provide legal support to the Regulator, to ensure proper application and interpretation of POPIA and PAIA in accordance with section 40(1)(b)(iii) of POPIA. The division also examines any proposed legislation, including subordinate legislation, or proposed policy of the Government that the Regulator considers may affect the protection of the personal information of data subjects. 28

29. PROGRAMME 4: LEGAL SERVICES Output Indicators Annual Targets Quarter 1 Quarter 2 Quarter 3 Quarter 4 23. Percentage of Legal Opinions rendered and finalised 24. Percentage of contracts vetted and drafted 100 % legal opinions rendered and finalized 100% of contracts vetted and drafted 100% litigation matters successfully managed 100 % legal opinions rendered and finalised 100% of contracts vetted and drafted 100% litigation matters successfully managed Desktop research conducted on proposed relevant legislation 100% legal opinions rendered and finalised 100% of contracts vetted and drafted 100% litigation matters successfully managed 2 proposed relevant legislation examined and report submitted 100% legal opinions rendered and finalised 100% of contracts vetted and drafted 100% litigation matters successfully managed 2 proposed relevant legislation examined and report submitted 100% legal opinions rendered and finalised 100% of contracts vetted and drafted 100% litigation matters successfully managed 2 proposed relevant legislation examined and report submitted 25. Percentage of litigation matters successfully managed 26. Number of proposed relevant legislation examined, and report submitted 6 proposed relevant legislation examined, and report submitted 29

30. PROGRAMME 5 : ADMINISTRATION Purpose: To provide effective and efficient leadership, corporate and financial support services in the Information Regulator. List of Sub-Programmes: The following are sub-programmes within this Programme: a) Office of the Chief Executive Officer Sub-programme is responsible to provide effective and efficient strategic leadership in the financial and administrative functions of the Regulator. b) Corporate Services Sub-programme This responsible for providing support services in relation to Human Resources, Administrative Services and Information and Communication Technology (ICT). c) Finance Sub-programme is responsible for providing Financial Management and Supply Chain Management services. 30

31. PROGRAMME 5 B: CORPORATE SERVICES Annual Targets 80 % Output Indicators Quarter 1 Quarter 2 Quarter 3 Quarter 4 80 % 27. Percentage Implementation of the HR Plan achieved 20 % 40 % 60 % 28. Lower % of Vacancy rate 10% 25% 20% 15% 10% 29. Percentage Implementation of ICT Plan 80% 20 % 40 % 60 % 80 % 30. Number activities in the Records Management Plan implemented 16 4 4 4 4 31

32. PROGRAMME 5 B: CORPORATE SERVICES Output Indicators 31. Facilities management plan approved Annual Targets Quarter 1 Quarter 2 Quarter 3 Quarter 4 Approval of the Facilities Management Plan Approved facilities management plan Develop the facilities management plan Consultation with MANCO and EXCO Tabling at Corporate Services Committee 32. Number of research report on technological changes affecting protection of personal information 1 research report on technological changes affecting protection of personal information Draft a research proposal Approval of research proposal Conduct research Present research report 32

33. PROGRAMME 5 C: FINANCE Output Indicators 33. Percentage expenditure on allocated budget annually for goods and services and machinery and equipment. Annual Targets Quarter 1 Quarter 2 Quarter 3 Quarter 4 95% of the budget allocation for the quarter spent on Goods and Services and Machinery and Equipment 95 % Annual expenditure reports indicating expenditure on Goods and Services and Machinery and Equipment 65% of the budget allocation for the quarter spent on Goods and Services and Machinery and Equipment 75% of the budget allocation for the quarter spent on Goods and Services and Machinery and Equipment 85% of the budget allocation for the quarter spent on Goods and Services and Machinery and Equipment 34. Percentage completion on annual procurement plan 95 % of planned procurement completed 80% of the planned procurement for the quarter 85 % of the planned procurement for the quarter 90 % of the planned procurement for the quarter 95 % of planned procurement for the year completed. 33

34. BUDGET 2022/23 The Regulator s mandate is to ensure respect for and to promote, enforce and fulfil the right to privacy as it relates to the protection of personal information and the right of access to information. The Regulator has been allocated amount of R100 609 million for the 2022/23 financial year. o R71 875 million is allocated for Compensations of Employees, o R23 029 is allocated for Goods and Service, and o R5 705 is allocated for Capital Assets The major spending focus of the Regulator will therefore be on implementing the ICT Strategy. 16

35. 2022 MTEF BUDGET ALLOCATIONS 2021/22 R'000 2022/23 R'000 2023/24 R'000 100 257 75 304 24 953 106 526 2024/25 R'000 104 759 78 685 26 074 111 310 Economic Classification Current payments Compensation of Employees Goods and Services Payments for Capital Assets Machinery and Equipment TOTAL Year on Year Growth 82 022 61 474 20 548 5 152 5 152 87 174 94 904 71 875 23 029 5 705 5 705 100 609 13% 6 269 6 269 6 551 6 551 6% 4% 35

36. 2022/23 COMPENSATION OF EMPLOYEES BUDGET COMMITMENTS COMPENSATION OF EMPLOYEES TOTAL COMPENSATION OF EMPLOYEES BUDGET APRIL 2022 COE EXPENDITURE PROJECTED COE EXPENDITURE FOR 2022/23 TOTAL COST OF FUNDED VANCANT POSTS TO BE FILLED TOTAL PROJECTED COE EXPENDITURE FOR THE YEAR 2022/23 PROJECTED COE UNDER SPENDING FOR THE YEAR 2022/23 GRAND TOTAL 2022/23 BUDGET 71 875 000 4 875 628 53 631 907 8 432 708 66 940 243 4 934 757 71 875 000 ex36

37. BREAKDOWN OF VACANT FUNDED POST TO BE FILLED PROJECTED 5%SALARY INCREASE SALARY LEVEL NOTCH/SALARY PACKAGE NP CASH ALLOWANCE TOTAL COST TO THE EMPLOYER POSITION NO 11 744 255,00 R R 37 212,75 R 19 680,00 R 801 147,75 1 MANAGER: OFFICE THE CHAIRPERSON SENIOR COMPLAINCE AND MONITORING OFFICER 11 744 255,00 R R 37 212,75 R 19 680,00 R 801 147,75 2 13 1 073 187,00 R R 53 659,35 R - R 1 126 846,35 3 SENIOR MANAGER : DATA BREACH SENIOR MANAGER: COMPLAINTS AND INVESTIGATIONS: POPIA 13 1 073 187,00 R R 53 659,35 R - R 1 126 846,35 4 14 1 269 951,00 R R 63 497,55 R - R 1 333 448,55 5 CHIEF LEGAL OFFICER (CLO) 15 1 544 415,00 R R 77 220,75 R - R 1 621 635,75 6 EXECUTIVE: POPIA 7CHIEF FINANCIAL OFFICER (CFO) 15 1 544 415,00 R R 77 220,75 R - R 1 621 635,75 TOTAL 7 993 665,00 R 399 683,25 R R 8 432 708,25 ex37

38. 2022/23 GOODS & SERVICES BUDGET COMMITMENTS AND DIVISIONAL ALLOCATIONS COMMITMENTS & ALLOCATIONS TOTAL GOODS AND SERVICES LESS COMMITMENTS SITA SYSTEM DEVELOPMENT SITA CLOUD HOSTING OPERATING LEASES (R352 307 pm) PROPERTY PAYMENTS ADDITIONAL OFFICE SPACE TOTAL AVAILABLE GOODS AND SERVICES POPIA DIVISION PAIA DIVISION EDUCOM ADMINISTRATION OTHER GRAND TOTAL 2022/23 BUDGET 23 029 000 18 004 392 - 8 151 797 3 606 655 4 227 696 1 018 244 1 000 000 5 024 608 1 250 000 1 250 000 1 250 000 1 000 000 23 029 000 274 608 ex38

39. 2022/23 MACHINERY & EQUIPMENT BUDGET BREAKDOWN COMMITMENTS & ALLOCATIONS TELECOM EQUIPMENNT - NETWORK LAN TELECOM EQUIPMENNT - EQUIPMENNT OFFICE EQUIPMENNT OFFICE FURNITURE COMPUTER HARD & SYSTEMS - DESKTOP COMPUTER HARD & SYSTEMS - LAPTOP COMPUTER HARD & SYSTEMS - SERVER/ MAINFRAME COMPUTER HARD & SYSTEMS - TABLET PC TRANSPORT EQUIPMENT: MOTOR VEHICLE FINANCE LEASES OTHER MACH & EQUIP LIBRARY BOOKS OTHER MACHINERY & EQUIPMENT GRAND TOTAL 2022/23 BUDGET 400 000 500 000 500 000 535 000 500 000 1 100 000 400 000 500 000 350 000 420 000 400 000 102 000 5 707 000 ex39

40. Outcome: Access to information Recent significant amendments of PAIA requires the Regulator to develop and conduct educational programmes to advance the public understanding, in particular the disadvantaged communities, of how to exercise their constitutional rights of access to any information held by the public or private bodies. The Regulator is currently using ineffective manual system to manage or handle complaints. The Regulator intends to deploy, in this current financial year, the Complaints Management System to ensure- proper management of records electronically. ENABLERS TO ACHIEVE TARGETS The integrity and confidentiality of information to prevent loss of damage to or unauthorised destruction of information, and unlawful access to or processing of information. an efficient complaints management process. 40

41. Outcome: Protection of personal information The POPIA Compliance, Monitoring and Enforcement Framework, once approved, will provide a foundation for the Regulator s mandate to effectively promote the protection of personal information and dissuade responsible parties from unlawfully processing the personal information of data subjects ENABLERS TO ACHIEVE TARGETS Agreements with training service providers and universities on partnerships with the Regulator to develop and provide educational programmes on POPIA 41

42. QUESTIONS 42