Records Management and the Law By Matshediso Dlamini Auditor General of South Africa 28 November 2012

Introduction Records Management is affected by various laws in various ways. Over 800 laws regulate recordkeeping. About 200 of these laws are applicable in the public sector. No consolidated recordkeeping laws in South Africa. Compliance is challenging. All record management professionals should know the legislation.

So why go to the trouble? Reason 1 all entities concerned with good governance must comply with the law. Almost all legislation contains a number of record retention obligations. Legislation is one of the major drivers of the demand for the services

So why go to the trouble? Reason 2 effective record retention management usually translates into a significant cost saving. to avoid saving and archiving more records and data than is required by law.

So why go to the trouble? Reason 3 All organisations are subject to policies and legislation aimed at the transformation of the country’s economy. Legislation impacts on employment practices

Questions? Is your organisation certain of the records management legislation that affects it? Do you ever feel as though your outsourced off site storage costs are high? Can you easily locate records you require within your organisation? Would you find it difficult to provide an individual with a complete report of all the information your organisation holds on him/her? Is there a records classification system within your organisation? Does your organisation have a clear understanding of who has the authority to request records from them? Does your organisation have a records retention schedule?

Regulatory Records Management framework in SA Constitution of the Republic of South Africa, 1996 NARSA (Act No. 43 of 1996) PAIA, 2000 (Act No. 2 of 2000) PAJA(Act No. 3 of 2000) PFMA(Act No. 1 of 1999) MFMA (Act No. 56 of 2003) Companies Act (No. 71 of 2008) ECTA(Act No. 25 of 2002) MISS(1996) POPI Bill POI Bill

Constitution of South Africa (1996) Sections 141 and 195 (1) (f) of the Constitution of South Africa (1996) determine that governance should be accountable and transparent - Section 195 provides amongst others for the: effective, economical and efficient use of resources; provision of timely, accessible and accurate information; and requires that the public administration must be accountable. can only be achieved if information is managed in a manner that facilitates this accountability.

NARSA(no. 43, 1996) as amended, and Provincial Archival legislation promulgated in terms of Schedule 5 of the Constitution to to enable the early identification of public records that are part of the archival heritage. govern the way in which records are created, managed and cared for in all governmental bodies. Provides for the National and Provincial Archivists to determine the conditions subject to which records are created. Provides for the appointment of a records manager to manage the records of public bodies.

Promotion of Access to Information Act (PAIA) provides the framework and procedures for citizens’ exercise of their constitutional right to information promote transparency, accountability and effective governance by empowering and educating the public To understand and exercise their rights To understand the functions and operations of governmental bodies To effectively scrutinise and participate in the decision making processes of government that impacts on their rights All bodies are obliged to provide information to the public

PAJA The purpose of the Act is to ensure that administrative action is lawful, reasonable and fair and properly documented. public servants are obliged to create records that are authentic and reliable to serve as evidence of decisions and actions. Those that fail to create proper records of integrity might not be able to prove that their actions and decisions were fair and lawful.

PFMA (no. 1 of 1999) and MFMA (no. 56, 2003) The objectives of the Act are to regulate financial management in the public sector to prevent corruption by ensuring that all governmental bodies manage their financial and other resources properly. PFMA Section 36(2) provides for the head of a public sector department to be the accounting officer for that department and one of the responsibilities of this officer is to keep full and proper records of the department’s financial affairs in accordance with generally recognised accounting practices.

PFMA (no. 1 of 1999) and MFMA (no. 56, 2003) PFMA Section 40(1) states that the accounting officers of governmental bodies are also required to keep full and proper records of the financial affairs in accordance with prescribed norms and standards. Without sound records management, and without complete records, senior managers will not be able to present reliable and accurate financial statements to the Auditor-General. (MFMA) The municipal manager must ensure that full and proper records of the financial affairs of the municipality are kept in accordance with any prescribed norms and standards and must ensure reasonable protection of the assets and records of the municipality.

Companies Act (no. 71, 2008) not specifically designed to regulate records-keeping practices in private bodies, obliging private companies to keep specific types of records in an accessible form for a specific period of time, the Act also regulates access to company records in conjunction with the Promotion of Access to Information Act, 2000.

Companies Act (no. 71, 2008) Under this act, companies are obliged to keep the following records: Incorporation records (Indefinitely) Information regarding directors (7 years) Access to information – in accordance with PAIA Accounting records Records of all liabilities and obligations Records of all revenue and expenditures Reports (7 years) Minutes of directors and committee meetings (7 years)

ECTA enable and facilitate electronic communications and transactions acknowledge the importance of such information for economic and social prosperity promote legal certainty and confidence in electronic communications and transactions promote e-government services and electronic communications and transactions to give legal recognition to data messages aimed at ensuring that records created in or converted to electronic form are created, managed and stored in trustworthy electronic systems

MISS Information security deals with the protection of information, in its electronic and paper-based forms, as it progresses through the information lifecycle for capture, processing, use, storage, and destruction. Minimum Information Security Standard provides for records to be classified according to their levels of sensitivity.

POPI Bill no. 9, 2009 Personal information is any information capable of identifying an individual, such as medical records, tax records, census records, bank records, information on purchasing habits and property ownership. The purpose of POPI is to lay down guidelines regarding the collection, storage and processing of personal information by the public and private sectors. The right to privacy is enshrined in Section 14 of the Constitution as well as in Chapter VIII of the ECTA and Chapter IV of PAIA.

POI Bill no 28, 2008 The purpose of this Bill is to design a coherent approach to the protection, classification and declassification of government information. The intention is to work in conjunction with archival legislation to manage and preserve records and protect national security. This Bill defines a much wider area of responsibility for proper information management than the NARS Act and its provincial equivalents

Questions /Comments Thank You!