Although there are still no clear indicators related to when the long-awaited Protection of Personal Information Act (POPI) will come into force, there have been some recent POPI related developments.
The Information Regulator has published (for comment) draft Guidelines to develop Codes of Conduct under POPI.
The Guidelines set out the form and contents to which the Codes of Conduct must adhere. For example, according to the Guidelines, a Code of Conduct could provide clarity to an industry or body (specifically, a body that exercises a regulatory or supervisory role in an industry or profession) as to how the conditions for the lawful processing of personal information (which includes the personal information of natural persons and juristic persons, such as companies and trusts) are to be applied and complied with, given the particular features of an industry or body in which the responsible parties are operating.
The Guidelines govern various aspects, such as:
- resources required in order to develop and implement a Code of Conduct;
- practical guidelines on how to draft a Code of Conduct;
- complaints handling procedures; and
- reviewing, varying and revocation of approved Codes of Conduct.