Further to our last e-alert (available
here) on POPI (or POPIA, as it is now referred to by the Information Regulator), the Information Regulator has now issued draft regulations (click
here) for public comment
While the draft regulations are primarily procedural in nature, key points include:
Consent to direct marketing: POPI prohibits the processing of personal information for the purposes of direct marketing by unsolicited electronic communications, save to an existing customer (in limited cases) or with consent. Valid consent will need to be provided in a form which "corresponds substantially" with the prescribed form. It appears to require written consent, signature and submission by post, fax, or email. Standard click-to-accept consent might not be adequate.
Information officer: the duties and responsibilities of the information officer have now been crystallised. There is a clear focus on compliance and the requirement for a new information manual.
Industry code of conduct: the regulations provides for any private or public body which, in the opinion of the Information Regulator, is "sufficiently representative" of any industry, to apply for an industry-wide code of conduct. We anticipate that many industries may seek to regulate industry-specific issues in this way.
Health information: the Information Regulator is also considering more detailed rules governing when it is "necessary" for health information to be processed, and is inviting comments and input. This will be of particular interest to the following:
- insurance companies, medical schemes, medical scheme administrators and managed healthcare organisations; and
- administrative bodies, pension funds, employers or institutions working for them.
The draft regulations are open for comment until 7 November 2017.