March 2021
LABOUR BRIEF NO. 436
On 26 February 2021, the Guideline to Develop Codes of Conduct (Guideline) was gazetted and notice was given that Regulations issued in terms of the Protection of Personal Information Act 4 of 2013 (POPIA) are coming into effect. In relation to the Regulations, the Government Gazette (No 44191) notified that Regulation 5 (relating to the application for issuing of Codes of Conduct) is effective as of 1 March 2021. Regulation 4 (relating to certain responsibilities of Information Officers) will be effective on 1 May 2021 and the rest of the Regulations will come into effect on 1 July 2021.
Responsibilities of Information Officers
With Regulation 4 being effective as from 1 May 2021, information officers will be required to comply with the following:
- develop, implement, monitor and maintain a compliance framework;
- undertake a personal information impact assessment to ensure that adequate measures and standards exist;
- develop, monitor and maintain an access to information manual required in terms of the promotion of Access to Information Act 2 of 2000 (PAIA) (commonly known as a PAIA manual);
- develop internal measures and systems to process requests for information or access; and
- conduct internal awareness sessions.
This would mean that the Information Regulator is likely to communicate the mechanism or process to allow for the registration of information officers in the coming weeks, in order that information officers may assume their duties.
Issuing a code of conduct under the Guideline
Chapter 7 of POPIA provides for the development of codes of conduct which may apply to certain types of personal information, specific industries, professions, bodies or to specific types of activities.
The Guideline which has been published, is for the development of codes of conduct by the relevant industry bodies in terms of section 65 of POPIA. The Guideline provides guidance to industry bodies on the making of an application for a code of conduct to be approved by the Information Regulator. The Regulations prescribe the form for such application to the Information Regulator which may be submitted as from 1 March 2021.
With the remainder of the Regulations to commence on 1 July 2021, it is now more important than ever for businesses to ensure that their processing of personal information complies with the provisions of POPIA.
K. Cowley
(Chairperson – (CEA – TESD)