Codes of Conduct

POPIA Logo

POPIA > CHAPTER 7 > Codes of Conduct (Sections 60 – 68)

POPIA > SECTION 60 > Issuing of codes of conduct
  1. The Regulator may from time to time issue codes of conduct.
  2. A code of conduct must—
    1. incorporate all the conditions for the lawful processing of personal information or set out obligations that provide a functional equivalent of all the obligations set out in those conditions; and
    2. prescribe how the conditions for the lawful processing of personal information are to be applied, or are to be complied with, given the particular features of the sector or sectors of society in which the relevant responsible parties are operating.
  3. A code of conduct may apply in relation to any one or more of the following:
    1. Any specified information or class of information;
    2. any specified body or class of bodies;
    3. any specified activity or class of activities; or
    4. any specified industry, profession, or vocation or class of industries, professions, or vocations.
  4. A code of conduct must also—
    1. specify appropriate measures—
      1. for information matching programmes if such programmes are used within a specific sector; or
      2. for protecting the legitimate interests of data subjects insofar as automated decision making, as referred to in section 71, is concerned;
    2. provide for the review of the code by the Regulator; and
    3. provide for the expiry of the code.
POPIA > SECTION 61 > Process for issuing codes of conduct
  1. The Regulator may issue a code of conduct under section 60
    1. on the Regulator’s own initiative, but after consultation with affected stakeholders or a body representing such stakeholders; or
    2. on the application, in the prescribed form, by a body which is, in the opinion of the Regulator, sufficiently representative of any class of bodies, or of any industry, profession, or vocation as defined in the code in respect of such class of bodies or of any such industry, profession or vocation.
  2. The Regulator must give notice in the Gazette that the issuing of a code of conduct is being considered, which notice must contain a statement that—
    1. the details of the code of conduct being considered, including a draft of the proposed code, may be obtained from the Regulator; and
    2. submissions on the proposed code may be made in writing to the Regulator within such period as is specified in the notice.
  3. The Regulator may not issue a code of conduct unless it has considered the submissions made to the Regulator in terms of subsection (2)(b), if any, and is satisfied that all persons affected by the proposed code have had a reasonable opportunity to be heard.
  4. The decision as to whether an application for the issuing of a code has been successful must be made within a reasonable period which must not exceed 13 weeks.
POPIA > SECTION 62 > Notification, availability and commencement of code of conduct
  1. If a code of conduct is issued under section 60 the Regulator must ensure that—
    1. there is published in the Gazette, as soon as reasonably practicable after the code is issued, a notice indicating—
      1. that the code has been issued; and
      2. where copies of the code are available for inspection free of charge and for purchase; and
    2. as long as the code remains in force, copies of it are available—
      1. on the Regulator’s website;
      2. for inspection by members of the public free of charge at the Regulator’s offices; and
      3. for purchase or copying by members of the public at a reasonable price at the Regulator’s offices.
  2. A code of conduct issued under section 60 comes into force on the 28th day after the date of its notification in the Gazette or on such later date as may be specified in the code and is binding on every class or classes of body, industry, profession or vocation referred to therein.
POPIA > SECTION 63 > Procedure for dealing with complaints
  1. A code of conduct may prescribe procedures for making and dealing with complaints alleging a breach of the code, but no such provision may limit or restrict any provision of Chapter 10.
  2. If the code sets out procedures for making and dealing with complaints, the Regulator must be satisfied that—
    1. the procedures meet the—
      1. prescribed standards; and
      2. guidelines issued by the Regulator in terms of section 65, relating to the making of and dealing with complaints;
    2. the code provides for the appointment of an independent adjudicator to whom complaints may be made;
    3. the code provides that, in exercising his or her powers and performing his or her functions, under the code, an adjudicator for the code must have due regard to the matters listed in section 44;
    4. the code requires the adjudicator to prepare and submit a report, in a form satisfactory to the Regulator, to the Regulator within five months of the end of a financial year of the Regulator on the operation of the code during that financial year; and
    5. the code requires the report prepared for each year to specify the number and nature of complaints made to an adjudicator under the code during the relevant financial year.
  3. A responsible party or data subject who is aggrieved by a determination, including any declaration, order or direction that is included in the determination, made by an adjudicator after having investigated a complaint relating to the protection of personal information under an approved code of conduct, may submit a complaint in terms of section 74(2) with the Regulator against the determination upon payment of a prescribed fee.
  4. The adjudicator’s determination continues to have effect unless and until the Regulator makes a determination under Chapter 10 relating to the complaint or unless the Regulator determines otherwise.
POPIA > SECTION 64 > Amendment and revocation of codes of conduct
  1. The Regulator may amend or revoke a code of conduct issued under section 60.
  2. The provisions of sections 60 to 63 apply in respect of any amendment or revocation of a code of conduct.
POPIA > SECTION 65 > Guidelines about codes of conduct
  1. The Regulator may provide written guidelines—
    1. to assist bodies to develop codes of conduct or to apply approved codes of conduct;
    2. relating to making and dealing with complaints under approved codes of conduct; and
    3. about matters the Regulator may consider in deciding whether to approve a code of conduct or a variation or revocation of an approved code of conduct.
  2. The Regulator must have regard to the guidelines as set out in section 7(3)(a) to (d) when considering the approval of a code of conduct for the processing of personal information for exclusively journalistic purposes where the responsible party is not subject to a code of ethics as referred to in section 7(1).
  3. Before providing guidelines for the purposes of subsection (1)(b), the Regulator must give everyone the Regulator considers has a real and substantial legitimate interest in the matters covered by the proposed guidelines an opportunity to comment on them.
  4. The Regulator must publish guidelines provided under subsection (1) in the Gazette.
POPIA > SECTION 66 > Register of approved codes of conduct
  1. The Regulator must keep a register of approved codes of conduct.
  2. The Regulator may decide the form of the register and how it is to be kept.
  3. The Regulator must make the register available to the public in the way that the Regulator determines.
  4. The Regulator may charge reasonable fees for—
    1. making the register available to the public; or
    2. providing copies of, or extracts from, the register.
POPIA > SECTION 67 > Review of operation of approved code of conduct
  1. The Regulator may, on its own initiative, review the operation of an approved code of conduct.
  2. The Regulator may do one or more of the following for the purposes of the review:
    1. Consider the process under the code for making and dealing with complaints;
    2. inspect the records of an adjudicator for the code;
    3. consider the outcome of complaints dealt with under the code;
    4. interview an adjudicator for the code; and
    5. appoint experts to review those provisions of the code that the Regulator believes require expert evaluation.
  3. The review may inform a decision by the Regulator under section 64 to revoke the approved code of conduct with immediate effect or at a future date to be determined by the Regulator.
POPIA > SECTION 68 > Effect of failure to comply with code of conduct

If a code issued under section 60 is in force, failure to comply with the code is deemed to be a breach of the conditions for the lawful processing of personal information referred to in Chapter 3 and is dealt with in terms of Chapter 10.

Chapter 7 > Codes of Conduct

Protection of Personal Information Act (POPI Act) or POPIA South Africa | POPI Act Compliance | Information Regulator | Chapters | Sections | POPI Act Compliance Plan | POPIA Chapters 1-12 | POPIA Sections 1 – 115 | POPI Act Documents

Translate
error: Protected Content
POPIA