Protection of Personal Information (POPIA) & the Right to Access to Information (PAIA)

Disclaimer & Website Terms of Use


Introduction to PAIA

The Promotion of Access to Information Act, 2000

Enforced by the Information Regulator

PAIA regulates the access to records held by public and private institutions, and upholds the constitutional right to access to information.

Access to information and protection of (personal) information are two sides of the same coin. The former encourages transparency, openness and the free flow of data. The latter attempts to restrict that flow. The former is a founding principle in democratic societies where citizens need to be able to inform themselves. The latter is a founding principle of liberal societies where individuals autonomously control which information about them may be shared and used. Both rights may clash, and therefore need to be balanced with one another …

While there are some administrative and procedural requirements in terms of POPIA and PAIA, it is important to remember that these are not central to what they are trying to accomplish. What is central is their requirement to manage information respectful of the interests of data subjects and informed citizens.


How is PAIA different from POPIA?
  1. 1 / the information PAIA promotes the access to, is not necessarily “personal information” as defined in POPIA – it can be any information.
  2. 2 / one does not need to give a reason to request access to “personal information” – POPIA’s right to access information about oneself is a right in its own. However, to request access to “information” in terms of PAIA, one needs to show that this access is required to exercise or protect another right.
  3. 3 / a POPIA request to access information about oneself cannot be refused. A PAIA request may be refused for a number of reasons, including the protection of third parties or confidential information (ss62 – 69 PAIA).