Protection of Personal Information Act, 2013 (Act No. 4 of 2013)

Codes of Conduct

Guidelines to Develop Codes of Conduct

Part 2 - Issuing of a Code of Conduct by the Information Regulator (regulator)

13. General principles applicable to issuing of a code of conduct


13.1 A code of conduct must:
13.1.1 be in writing;
13.1.2 incorporate all the conditions for the lawful processing of personal information or set out obligations that provide a functional equivalent of all the obligations set out in those conditions; and
13.1.3 prescribe how the conditions for the lawful processing of personal information are to be applied or complied with, given the features of the sector or sectors in society in which the relevant responsible parties are operating.

 

13.2 A code may apply to any one or more of the following:
13.2.1 any specified information or class of information;
13.2.2 any specified body or class of bodies;
13.2.3 any specified activity or class of activities; or
13.2.4 any specified industry, profession, or vocation or class of industries, professions, or vocations.

 

13.3 A code must also specify appropriate measures:
13.3.1 for information matching programmes if such programmes are used within a specific sector;
13.3.2 for protecting the legitimate interests of data subjects insofar as automated decision making is concerned;
13.3.3 to provide for the review of the code by the regulator; and
13.3.4 to provide for the expiry of the code within a minimum five (5) year period.