The Regulator must have regard to the guidelines as set out in section 7(3)(a) to (d) when considering the approval of a code of conduct for the processing of personal information for exclusively journalistic purposes where the responsible party is not subject to a code of ethics as referred to in section 7(1). retention of the record is required or authorised by law; the responsible party reasonably requires the record for lawful purposes related to its functions or activities; retention of the record is required by a contract between the parties thereto; or. not to have his, her or its personal information processed for purposes of direct marketing by means of unsolicited electronic communications except as referred to in section 69(1); not to be subject, under certain circumstances, to a decision which is based solely on the basis of the automated processing of his, her or its personal information intended to provide a profile of such person as provided for in terms of section 71; to submit a complaint to the Regulator regarding the alleged interference with the protection of the personal information of any data subject or to submit a complaint to the Regulator in respect of a determination of an adjudicator as provided for in terms of section 74; and. The Chairperson of the Regulator or a member who has been appointed in a full-time capacity may, notwithstanding the provisions of subsection (1)(c) or (e), only perform or undertake to perform any other remunerative work during the period that he or she holds office as Chairperson or member with the prior written consent of the Minister. Registration is therefore a prerequisite for Information Officers to perform their duties. to maintain the legitimate interests of the responsible party or of a third party to whom the information is supplied; compliance would prejudice a lawful purpose of the collection; or. If an investigation is made following a complaint, and—. No self-incriminating answer given or statement made to a person who conducts a search in terms of a warrant issued under section 82 is admissible as evidence against the person who gave the answer or made the statement in criminal proceedings, except in criminal proceedings for perjury or in which that person is tried for an offence contemplated in section 102 and then only to the extent that the answer or statement is relevant to prove the offence charged. All other company & product names may be trademarks of the respective companies with which they are associated. Duty of confidentiality. A code of conduct issued under section 60 comes into force on the 28th day after the date of its notification in the Gazette or on such later date as may be specified in the code and is binding on every class or classes of body, industry, profession or vocation referred to therein. prescribe how the conditions for the lawful processing of personal information are to be applied, or are to be complied with, given the particular features of the sector or sectors of society in which the relevant responsible parties are operating. A police officer who is assisting a person authorised to conduct an entry and search in terms of a warrant issued under section 82 may overcome resistance to the entry and search by using such force as is reasonably necessary. In addition, most schemes have controlled-access points where residents and visitors alike must provide personal information to gain entry to the complex or to obtain a remote control or access card. It seeks to protect and regulate the processing of personal information, falling into the broader Constitutional right to privacy.

on the application, in the prescribed form, by a body which is, in the opinion of the Regulator, sufficiently representative of any class of bodies, or of any industry, profession, or vocation as defined in the code in respect of such class of bodies or of any such industry, profession or vocation. By Reon Janse van Rensburg. The processing of the special personal information of a child is prohibited in terms of sections 26 and 34 unless the provisions of sections 27 and 35 are applicable in which case, subject to section 37, the conditions for the lawful processing of personal information as referred to in Chapter 3 must be complied with. Make POPI Act compliance “Business-As-Usual” Recognise that POPI Act compliance will be the “new normal” and work that way Build compliance into our products, services and processes – adopt … A member of the Regulator or person referred to in subsection (1) who has disclosed a conflict of interest in terms of subsection (1)—, may perform all duties relating to the matter in question if a decision has been taken that the interest is trivial or irrelevant; or. any specified industry, profession, or vocation or class of industries, professions, or vocations. The POPI Act aims to encourage the protection of personal information that is processed by both public and private bodies. The more an agent knows about a client, the better equipped they are in finding the ideal home that meets the individual needs of that client. The members referred to in section 41(1)(d)(i) must exercise their powers and perform their duties and functions as follows: one member in terms of the Promotion of Access to Information Act. Copyright © Blue Sky Publications Ltd. All Rights Reserved. be used for historical, statistical or research purposes. In the cases referred to under subsection (1), the information may only be processed by responsible parties subject to an obligation of confidentiality by virtue of office, employment, profession or legal provision, or established by a written agreement between the responsible party and the data subject.

Data subjects have the right to ask whether you store data about them. Any person summoned in terms of section 81 to attend and give evidence or to produce any book, document or object before the Regulator who, without sufficient cause fails—. codes of conduct issued by the Information Regulator. merging, linking, as well as restriction, degradation, erasure or destruction of information; ‘‘Promotion of Access to Information Act’’ means the Promotion of Access to Information Act, 2000 (Act No. Masthead (Pty) Ltd and its agents or representatives shall not be liable for any damage, loss or liability arising from the use or inability to use this website or the services or content provided from and through this website. to assist bodies to develop codes of conduct or to apply approved codes of conduct; relating to making and dealing with complaints under approved codes of conduct; and. the balance, if any (in this section referred to as the distributable balance), must be distributed by the Regulator to the data subject at whose request the proceedings were brought. Signed into law on November 19, 2013, parts of the law became effective on April 11, 2014. Help support journalists, the guardians of independent journalism, through our, US Elections: Obama lays into Trump ahead of last debate, Mover and shaker DJ Zinhle bags first music award for ‘Umlilo’ hit, Gauteng housing protest: Government accused of breaking 2018 promise, Foster care grant payments delayed by another 18-months, Super Rugby Unlocked: Jantjies ruled out in injury blow to Lions. No prosecution may be instituted against a responsible party if the responsible party concerned has paid an administrative fine in terms of this section in respect of the same set of facts. In the event that the Regulator decides to conduct a more detailed investigation, it must indicate the period within which it plans to conduct this investigation, which period must not exceed 13 weeks. All of this information can be included in your Privacy Policy. the prevention, detection and prosecution of offences; important economic and financial interests of a public body; fostering compliance with legal provisions established in the interests referred to under paragraphs (b) and (c); historical, statistical or research activity; or. The law gives a non-exhaustive list of examples of personal information. 33 of 2004. for purposes of direct marketing other than direct marketing by means of unsolicited electronic communications as referred to in section 69. The Regulator may amend or revoke a code of conduct issued under section 60. an election of the National Assembly or the provincial legislature as regulated in terms of the Electoral Act, 1998 (Act No. identify all reasonably foreseeable internal and external risks to personal information in its possession or under its control; establish and maintain appropriate safeguards against the risks identified; regularly verify that the safeguards are effectively implemented; and. There is no warranty of any kind, expressed or implied, regarding the information or any aspect of this service. such sums of money that Parliament appropriates annually, for the use of the Regulator as may be necessary for the proper exercise, performance and discharge, by the Regulator, of its powers, duties and functions under this Act and the Promotion of Access to Information Act; and. reasonably requires any information for the purpose of determining whether the responsible party has interfered or is interfering with the personal information of a data subject, the Regulator may serve the responsible party with an information notice requiring the responsible party to furnish the Regulator, within a specified period, in a form specified in the notice, with a report indicating that the processing is taking place in compliance with the provisions of the Act, or with such information relating to the request or to compliance with the Act as is so specified. They may not, for example, let owners believe that their personal information will only be used for correspondence and communications like levy statements and meeting notices and then use it – or allow it to be used – by a different company for some other purpose, such as direct marketing, without permission.”, READ | POPI Compliance | Five effective steps your business can take right now. Masthead (Pty) Ltd will not sell or rent its user’s personal identifiable information to third parties. A responsible party may only process the personal information of a data subject who is a customer of the responsible party in terms of subsection (1)(b)—. In performing its functions in terms of section 40(1)(b)(ix)(bb) with regard toinformation matching programmes, the Regulator must have particular regard towhether or not the—. A court hearing proceedings in terms of subsection (1) may award an amount that is just and equitable, including—. Any warranty implied by law is hereby excluded except to the extent such exclusion would be unlawful. procures the disclosure of an account number of a data subject to another person, is, subject to subsection (2), guilty of an offence. the purpose of which is the prevention, detection, including assistance in the identification of the proceeds of unlawful activities and the combating of money laundering activities, investigation or proof of offences, the prosecution of offenders or the execution of sentences or security measures. See the latest status from the Information Regulator.