Clients Are Getting PAIA Requests, Are You Ready to Help Them Respond?

Written By Leana van der Merwe

This article will count 0.25 units (15 minutes) of unverifiable CPD. Remember to log these units under your membership profile.

Your clients are sitting ducks for PAIA requests, and most of them don’t even know it.

Whether it’s an ex-employee, a supplier with a grudge, or a competitor fishing for info, more and more businesses are receiving formal requests under the Promotion of Access to Information Act (PAIA). If they ignore it or respond incorrectly, they could face fines, regulatory complaints, or a PR mess. And when panic hits, guess who they call?

You.

As a Chartered Business Accountant in Practice, your job isn’t just to prepare financials. It’s to keep your clients out of legal trouble, show them what compliance looks like in the real world, and, wherever possible, turn problems into paid services. Helping them get PAIA right does all three.

What Is PAIA and Why Should Your Clients Care?

PAIA gives people the legal right to request information from any business if they need it to protect or exercise a right. Think contracts, HR records, payment histories, supplier deals, any document that could be relevant in a dispute or decision.

This isn’t just about government entities. Private companies are also on the hook.

If your client receives a PAIA request, they have 30 days to respond. They must either:

  • Hand over the records,

  • Refuse with a legally valid reason, or

  • Ask for an extension with proper documentation.

If they miss deadlines or give a sloppy response, they could land in hot water. That’s where your guidance becomes essential and billable.

Step 1: Do They Need a PAIA Manual?

The first question to ask is: does your client need a PAIA manual?

Here’s the short answer:

  • If they’re a private company and not exempt, yes.

  • If they’re exempt (some small businesses are), they’re off the hook for now, but they still need to know how to respond to requests.

A PAIA manual is a formal document that:

  • Explains what the company does

  • Lists the types of records it holds

  • Shows how people can request those records

  • Names the Information Officer who will handle those requests

It’s meant to be public, usually hosted on the company’s website, and it’s a legal requirement under PAIA.

Add-on service idea: Offer to draft and host the PAIA manual for clients who don’t have one. Charge a once-off fee, and include updates as part of your annual retainer.

Step 2: Help Them Appoint an Information Officer

Every company must appoint an Information Officer which is usually the CEO or MD who is legally responsible for handling PAIA (and POPIA) compliance.

This person needs to:

  • Understand what PAIA requires

  • Know how to respond to requests

  • Sign off on the PAIA manual

  • Liaise with the Information Regulator when needed

Most of your clients haven’t done this properly. Help them formalise it. Offer a one-pager with duties, a training session, or even a retainer to act as their Deputy Information Officer if you’re equipped to do so.

Value-add tip: Help your clients integrate PAIA and POPIA so their compliance efforts don’t clash. Requests for information often contain personal data, so you need to balance access rights with privacy protections.

Step 3: Show Them How to Handle Requests

When a request comes in, your client needs to act fast and smart.

Here’s the flow:

  1. Log the request (date, sender, records asked for).

  2. Confirm receipt with the requester.

  3. Check whether the information is disclosable or protected (e.g. personal, confidential, or trade secrets).

  4. Redact sensitive parts if necessary.

  5. Respond with the decision, including reasons for refusal if applicable.

  6. Keep a paper trail of everything.

The whole thing must happen within 30 calendar days. They can request a 30-day extension if needed, but only for specific reasons (volume, consultations, etc.).

Process booster: Build a simple PAIA request log or checklist they can use internally. Or offer to manage the process for them at a fee.

Make PAIA Work for You

This isn’t red tape. It’s a revenue stream.

Chartered Business Accountants in Practice are perfectly positioned to turn PAIA compliance into a billable, high-trust service. Most clients have no idea what PAIA is until they’re in a bind. That’s your moment to step in, not just as the accountant, but as the compliance partner who keeps their business safe.

What you can offer:

  • PAIA manual drafting

  • Information Officer appointment guidance

  • Staff training

  • PAIA and POPIA process design

  • Request handling and audit trails

This is practical, high-impact work that clients will pay for especially when you explain what’s at stake.

Join CIBA for a CPD on Compliance, Legislation Update here

Think compliance is someone else’s problem? Not anymore.

Clients are getting hit with new filing requirements. SARS is tightening up. CIPC wants more from you. And if you don’t know what’s changed—you’re the one who’s exposed.

🗓️ Join us on 19 June at 14:00 for the CIBA Compliance: Legislation Update
📌 2 CPD Units | R230 VAT incl | Channel 1: Compliance

We’ll walk you through:
✅ What’s new from SARS, CIPC, FIC, FSCA, and PPRA
✅ The latest IFRS, tax and ethics changes that affect your clients
✅ What deadlines are coming—and what happens if you miss them
✅ Where you can turn this into a billable advisory service for your clients

The updates you actually need, in plain language, with support from the CIBA Technical Team.

🎙️ Presented by Eszter Rapanos, Technical Manager at CIBA
🎥 Can’t make it live? We’ve got the recording.

🔗 Book your seat here now and stay ahead of the compliance curve.

 

Trending

Featured
From Scrappy to Smart: The Brave New Rules for Growing Your Business
3 Global Small Biz Trends You Shouldn’t Ignore
Why More Companies Are Choosing to Stay Private

Latest Podcast

Featured
LinkedIn Live Audio - Edward James
Mar 26
LinkedIn Live Audio - Edward James
Leana van der Merwe