Protection of Personal Information Act, 2013 (Act No. 4 of 2013)

Chapter 7 : Codes of Conduct

60. Issuing of codes of conduct

Purchase cart Previous page Return to chapter overview Next page

 

(1)The Regulator may from time to time issue codes of conduct.

 

(2)A code of conduct must—
(a)incorporate all the conditions for the lawful processing of personal information or set out obligations that provide a functional equivalent of all the obligations set out in those conditions; and
(b)prescribe how the conditions for the lawful processing of personal information are to be applied, or are to be complied with, given the particular features of the sector or sectors of society in which the relevant responsible parties are operating.

 

(3)A code of conduct may apply in relation to any one or more of the following:
(a)Any specified information or class of information;
(b)any specified body or class of bodies;
(c)any specified activity or class of activities; or
(d)any specified industry, profession, or vocation or class of industries, professions, or vocations.

 

(4)A code of conduct must also—
(a)specify appropriate measures—
(i)for information matching programmes if such programmes are used within a specific sector; or
(ii)for protecting the legitimate interests of data subjects insofar as automated decision making, as referred to in section 71, is concerned;
(b)provide for the review of the code by the Regulator; and
(c)provide for the expiry of the code.