-
Quick Access
-
POPIA
-
-
-
- Section 26 Prohibition on processing of special personal information
- Section 27 General authorisation concerning special personal information
- Section 28 Authorisation concerning data subject’s religious or philosophical beliefs
- Section 29 Authorisation concerning data subject’s race or ethnic origin
- Section 30 Authorisation concerning data subject’s trade union membership
- Section 31 Authorisation concerning data subject’s political persuasion
- Section 32 Authorisation concerning data subject’s health or sex life
- Section 33 Authorisation concerning data subject’s criminal behaviour or biometric information
-
-
-
- Section 39 Establishment of Information Regulator
- Section 40 Powers, duties and functions of Regulator
- Section 41 Appointment, term of office and removal of members of Regulator
- Section 42 Vacancies
- Section 43 Powers, duties and functions of Chairperson and other members
- Section 44 Regulator to have regard to certain matters
- Section 45 Conflict of interest
- Section 46 Remuneration, allowances, benefits and privileges of members
- Section 47 Staff
- Section 48 Powers, duties and functions of chief executive officer
- Section 49 Committees of Regulator
- Section 50 Establishment of Enforcement Committee
- Section 51 Meetings of Regulator
- Section 52 Funds
- Section 53 Protection of Regulator
- Section 54 Duty of confidentiality
- Show all articles ( 1 ) Collapse Articles
-
-
- Section 60 Issuing of codes of conduct
- Section 61 Process for issuing codes of conduct
- Section 62 Notification, availability and commencement of code of conduct
- Section 63 Procedure for dealing with complaints
- Section 64 Amendment and revocation of codes of conduct
- Section 65 Guidelines about codes of conduct
- Section 66 Register of approved codes of conduct
- Section 67 Review of operation of approved code of conduct
- Section 68 Effect of failure to comply with code of conduct
-
- Section 73 Interference with protection of personal information of data subject
- Section 74 Complaints
- Section 75 Mode of complaints to Regulator
- Section 76 Action on receipt of complaint
- Section 77 Regulator may decide to take no action on complaint
- Section 78 Referral of complaint to regulatory body
- Section 79 Pre-investigation proceedings of Regulator
- Section 80 Settlement of complaints
- Section 81 Investigation proceedings of Regulator
- Section 82 Issue of warrants
- Section 83 Requirements for issuing of warrant
- Section 84 Execution of warrants
- Section 85 Matters exempt from search and seizure
- Section 86 Communication between legal adviser and client exempt
- Section 87 Objection to search and seizure
- Section 88 Return of warrants
- Section 89 Assessment
- Section 90 Information notice
- Section 91 Parties to be informed of result of assessment
- Section 92 Matters referred to Enforcement Committee
- Section 93 Functions of Enforcement Committee
- Section 94 Parties to be informed of developments during and result of investigation
- Section 95 Enforcement notice
- Section 96 Cancellation of enforcement notice
- Section 97 Right of appeal
- Section 98 Consideration of appeal
- Section 99 Civil remedies
- Show all articles ( 12 ) Collapse Articles
-
- Section 100 Obstruction of Regulator
- Section 101 Breach of confidentiality
- Section 102 Obstruction of execution of warrant
- Section 103 Failure to comply with enforcement or information notices
- Section 104 Offences by witnesses
- Section 105 Unlawful acts by responsible party in connection with account number
- Section 106 Unlawful acts by third parties in connection with account number
- Section 107 Penalties
- Section 108 Magistrate’s Court jurisdiction to impose penalties
- Section 109 Administrative fines
-
PAIA
-
Print
- If personal information is collected, the responsible party must take reasonably practicable steps to ensure that the data subject is aware of—
- the information being collected and where the information is not collected from the data subject, the source from which it is collected;
- the name and address of the responsible party;
- the purpose for which the information is being collected;
- whether or not the supply of the information by that data subject is voluntary or mandatory;
- the consequences of failure to provide the information;
- any particular law authorising or requiring the collection of the information;
- the fact that, where applicable, the responsible party intends to transfer the information to a third country or international organisation and the level of protection afforded to the information by that third country or international organisation;
- any further information such as the—
- recipient or category of recipients of the information;
- nature or category of the information;
- existence of the right of access to and the right to rectify the information collected;
- existence of the right to object to the processing of personal information as referred to in section 11(3); and
- right to lodge a complaint to the Information Regulator and the contact details of the Information Regulator, which is necessary, having regard to the specific circumstances in which the information is or is not to be processed, to enable processing in respect of the data subject to be reasonable.
- The steps referred to in subsection (1) must be taken—
- if the personal information is collected directly from the data subject, before the information is collected, unless the data subject is already aware of the information referred to in that subsection; or
- in any other case, before the information is collected or as soon as reasonably practicable after it has been collected.
- A responsible party that has previously taken the steps referred to in subsection (1) complies with subsection (1) in relation to the subsequent collection from the data subject of the same information or information of the same kind if the purpose of collection of the information remains the same.
- It is not necessary for a responsible party to comply with subsection (1) if—
- the data subject or a competent person where the data subject is a child has provided consent for the non-compliance;
- non-compliance would not prejudice the legitimate interests of the data subject as set out in terms of this Act;
- non-compliance is necessary—
- to avoid prejudice to the maintenance of the law by any public body, including the prevention, detection, investigation, prosecution and punishment of offences;
- to comply with an obligation imposed by law or to enforce legislation concerning the collection of revenue as defined in section 1 of the South African Revenue Service Act, 1997 (Act No. 34 of 1997);
- for the conduct of proceedings in any court or tribunal that have been commenced or are reasonably contemplated; or
- in the interests of national security;
- compliance would prejudice a lawful purpose of the collection;
- compliance is not reasonably practicable in the circumstances of the particular case; or
- the information will—
- not be used in a form in which the data subject may be identified; or
- be used for historical, statistical or research purposes.