Protection of Personal Information Act, 2013 (Act No. 4 of 2013)

Codes of Conduct

Guidelines to Develop Codes of Conduct

Part 3 - Code Governance

25. Reporting on compliance with a code of conduct
Purchase cart Previous page Return to chapter overview Next page

 

25.1 The relevant bodies should submit an annual report to the Regulator which should also be made available on the relevant body’s website.

 

25.2 The annual report must be submitted one (1) year after a code has been issued by the Regulator.

 

25.3 The report should include the following:
25.3.1 accurate, up to date and sufficient information on how a body has monitored compliance with a code. This includes information received in reports from bodies bound by a code and from assessments or investigations;
25.3.2 aggregate information about systemic issues or serious or repeated interference with the conditions for the lawful processing of personal information that occurred during the reporting period;
25.3.3 if information regarding the effectiveness of a code in achieving compliance has significantly changed from the last report, a description of the change and any proposed process or practice to address the change;
25.3.4 the number of complaints in relation to a code received annually;
25.3.5 the average time taken to resolve the complaints;
25.3.6 statistical information about the nature of the complaints;
25.3.7 statistical information about the outcomes of the complaints; and
25.3.8 information about the remedies awarded in resolving the complaint.

 

25.4 If the reports are not provided to the Regulator or they indicate a lack of compliance with a code, this shall inform a decision by the Regulator to review, vary or revoke a code.

 

25.5 The relevant bodies bound by a code should also report systemic issues or serious violations of a code to the Regulator as soon as they become aware of them.

 

25.6 A code of conduct may prescribe procedures for making and dealing with complaints alleging a breach of a code.

 

25.7 If a code sets out procedures for making and dealing with complaints the Regulator must be satisfied that a code meets the standards prescribed by the Regulator and these guidelines.