欢迎访问有用文档网!

当前位置: 有用文档网 > 心得体会 >

南非个人信息保护法

| 浏览次数:

  Act No. 4 of 2013

 Protection Of Personal Information Act, 2013 1

 Protection of Personal Information A c t ,

 2013

  Ensuring protection of your personal information and effective access to information

  Act No. 4 of 2013

 2 Protection Of Personal Information Act, 2013

  Protection of Personal Information A c t ,

 2013

  Act No. 4 of 2013

 GENERAL EXPLANATORY NOTE:

 [ ] Words in bold type in square brackets indicate omissions from existing enactments. Words underlined with a solid line indicate insertions in existing enactments.

  (English text signed by the President) (Assented to 19 November 2013)

 ACT To promote the protection of personal information processed by public and private bodies; to introduce certain conditions so as to establish minimum requirements for the processing of personal information; to provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000; to provide for the issuing of codes of conduct; to provide for the rights of persons regarding unsolicited electronic communications and automated decision making; to regulate the fl ow of personal information

 across

 the borders of the Republic; and to provide for matters connected therewith.

 PREAMBLE PREAMBLE RECOGNISING THAT— •

 section 14 of the Constitution of the Republic of South Africa, 1996, provides that everyone has the right to privacy; •

 the right to privacy includes a right to protection against the unlawful collection, retention, dissemination and use of personal information; •

 the State must respect, protect, promote and fulf i l the rights in the Bill of Rights;

 AND BEARING IN MIND THAT— •

 consonant with the constitutional values of democracy and openness, the need for economic and social progress, within the framework of the

 information society, requires the removal of unnecessary impediments to the free fl ow of information, including personal information;

 AND IN ORDER TO— •

 regulate, in harmony with international standards, the processing of personal information by public and private bodies in a manner that gives effect to the right to privacy subject to justif i able limitations that are aimed at protecting other rights and important interests,

 Parliament of the republic of south africa therefore anacts as follows:-

 CONTENTS OF ACT CHAPTER 1 DEFINITIONS AND PURPOSE 1.

 Def i nitions 2.

 Purpose of Act

 CHAPTER 2 APPLICATION PROVISIONS 3.

 Application and interpretation of Act 4.

 Lawful processing of personal information 5.

 Rights of data 6.

 Exclusions 7.

 Exclusion for journalistic, literary or artistic purposes

 CHAPTER 3 CONDITIONS FOR LAWFUL PROCESSING OF PERSONAL INFORMATION

 Part A Processing of personal information in general Condition 1 Accountability 8.

 Responsible party to ensure conditions for lawful processing

 Condition 2 Processing limitation 9.

 Lawfulness of processing 10.

 Minimality 11.

 Consent, justif i cation and objection 12.

 Collection directly from data subject

 Condition 3 Purpose specif i cation 13.

 Collection for specif i c purpose 14.

 Retention and restriction of records

 Condition 4 Further processing limitation 15.

 Further processing to be compatible with purpose of collection

 Condition 5 Information quality 16.

 Quality of information

 17.

 Documentation Condition 6 Openness 18.

 Notif i cation to data subject when collecting personal information

 Condition 7 Security safeguards

 19.

 Security measures on integrity and conf i dentiality of personal information 20.

 Information processed by operator or person acting under authority 21.

 Security measures regarding information processed by operator 22.

 Notif i cation of security compromises

 Condition 8 Data subject participation

 23.

 Access to personal information 24.

 Correction of personal information 25.

 Manner of access

 Part B Processing of special personal information

 26.

 Prohibition on processing of special personal information 27.

 General authorisation concerning special personal information

 28.

 Authorisation concerning data subject’s religious or philosophical beliefs 29.

 Authorisation concerning data subject’s race or ethnic origin 30.

 Authorisation concerning data subject’s trade union membership 31.

 Authorisation concerning data subject’s political persuasion 32.

 Authorisation concerning data subject’s health or sex life 33.

 Authorisation concerning data subject’s criminal behaviour

 or biometric 25 information

 Part C Processing of personal information of children

 34.

 Prohibition on processing personal information of children 35.

 General authorisation concerning personal information of children 30

 CHAPTER 4 EXEMPTION FROM CONDITIONS FOR PROCESSING OF PERSONAL INFORMATION

 36.

 General 37.

 Regulator may exempt processing of personal information 35 38.

 Exemption in respect of certain functions

 CHAPTER 5 SUPERVISION

  Part A Information Regulator 40

 39.

 Establishment of Information Regulator 40.

 Powers, duties and functions of Regulator 41.

 Appointment, term of office and removal of members of Regulator 42.

 Vacancies 43.

 Powers, duties and functions of Chairperson and other members

 44.

 Regulator to have regard to certain matters 45.

 Conf l ict of interest Remuneration, allowances, benef i ts and privileges of members 46.

 Staff 47.

 Powers, duties and functions of chief executive officer 48.

 Committees of Regulator 49.

 Establishment of Enforcement Committee 50.

 Meetings of Regulator 51.

 Funds 52.

 Protection of Regulator 53.

 Duty of conf i dentiality Part B Information Officer

 54.

 Duties and responsibilities of Information Officer 55.

 Designation and delegation of deputy information officers

 CHAPTER 6 PRIOR AUTHORISATION Prior Authorisation

 56.

 Processing subject to prior authorisation 57.

 Responsible party to notify Regulator if processing is subject to prior authorisation 58.

 Failure to notify processing subject to prior authorisation

 CHAPTER 7 CODES OF CONDUCT

 59.

 Issuing of codes of conduct 60.

 Process for issuing codes of conduct 61.

 Notif i cation, availability and commencement of code of conduct 62.

 Procedure for dealing with complaints 63.

 Amendment and revocation of codes of conduct 64.

 Guidelines about codes of conduct

 65.

 Register of approved codes of conduct 66.

 Review of operation of approved code of conduct 67.

 Effect of failure to comply with code of conduct

 CHAPTER 8 RIGHTS OF DATA SUBJECTS REGARDING DIRECT MARKETING BY MEANS OF UNSOLICITED ELECTRONIC COMMUNICATIONS, DIRECTORIES AND AUTOMATED DECISION MAKING

 68.

 Direct marketing by means of unsolicited electronic communications 69.

 Directories 70.

 Automated decision making

 CHAPTER 9 TRANSBORDER INFORMATION FLOWS

 72. Transfers of personal information outside Republic

 CHAPTER 10 ENFORCEMENT5

 71.

 Interference with protection of personal information of data subject 72.

 Complaints 73.

 Mode of complaints to Regulator 74.

 Action on receipt of complaint 75.

 Regulator may decide to take no action on complaint 76.

 Referral of complaint to regulatory body 77.

 Pre-investigation proceedings of Regulator 78.

 Settlement of complaints 79.

 Investigation proceedings of Regulator 80.

 Issue of warrants 81.

 Requirements for issuing of warrant 82.

 Execution of warrants

 83.

 Matters exempt from search and seizure 84.

 Communication between legal adviser and client exempt 85.

 Objection to search and seizure 86.

 Return of warrants 87.

 Assessment 88.

 Information notice 89.

 Parties to be informed of result of assessment 90.

 Matters referred to Enforcement Committee Functions of Enforcement Committee 91.

 Parties to be informed of developments during and result of investigation 92.

 Enforcement notice 93.

 Cancellation of enforcement notice 94.

 Right of appeal 95.

 Consideration of appeal 96.

 Civil remedies

 CHAPTER 11 OFFENCES, PENALTIES AND ADMINISTRATIVE FINES

 97.

 Obstruction of Regulator Breach of conf i dentiality 98.

 Obstruction of execution of warrant 99.

 Failure to comply with enforcement or information notices 100.

 Offences by witnesses 101.

 Unlawful acts by responsible party in connection with account number 102.

 Unlawful acts by third parties in connection with account number 103.

 Penalties 104.

 Magistrate’s Court jurisdiction to impose penalties 105.

 Administrative fi nes

 106.

 Amendment of laws 107.

 Fees 108.

 Regulations CHAPTER 12 GENERAL PROVISIONS 109.

 Procedure for making regulations Transitional arrangements 110.

 Short title and commencement 111.

 Fees 112.

 Regulations 113.

 Procedure for making regulations 114.

 Transitional arrangements 115.

 Short title and commencement

  Act No. 4 of 2013

 12 Protection Of Personal Information Act, 2013

  CHAPTER 1

 DEFINITIONS AND PURPOSE

 SCHEDULE Laws amended by section 110

 Def i nitions CHAPTER 1 DEFINITIONS AND PURPOSE

 1. In this Act, unless the context indicates otherwise— ‘‘biometrics’’

 means

  a

  technique

  of

  personal

  identif i cation

  that is based on physical, physiological or behavioural characterisation including blood typing, fi ngerprinting, DNA analysis, retinal scanning and voice recognition; ‘‘child’’ means a natural person under the age of 18 years who is not legally 10 competent, without the assistance of a

 competent person, to take any action or decision in respect of any matter concerning him- or herself; ‘‘code of conduct’’ means a code of conduct issued in terms of Chapter 7; ‘‘competent person’’ means any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a child; ‘‘consent’’ means any voluntary, specif i c and informed expression of will in terms of which permission is given for the processing of personal information; ‘‘Constitution’’ means the Constitution of the Republic of South Africa, 1996; ‘‘data subject’’ means the person to whom personal information relates; ‘‘de-identify’’, in relation to personal information of a data subject, means to delete 20 any information that— (a)

 identif i es the data subject;

 (b)

 can be used or manipulated by a reasonably foreseeable method to identify the data subject; or (c)

 can be linked by a reasonably foreseeable method to other information that 25 identif i es the data subject, and ‘‘de-identif i ed’’ has a corresponding meaning; ‘‘direct marketing’’ means to approach a data subject, either in person or by mail or electronic communication, for the direct or indirect purpose of— (a)

 promoting or offering to supply, in the ordinary course of business, any goods 30 or services to the data subject; or (b)

 requesting the data subject to make a donation of any kind for any reason; ‘‘electronic communication’’ means any text, voice, sound or image message sent over an electronic communications network which is stored in the network or in the recipient’s terminal equipment until it is collected by the recipient;35 ‘‘enforcement notice’’ means a notice issued in terms of section 95; ‘‘f i ling system’’ means any structured set of personal information, whether centralised, decentralised or dispersed on a functional or geographical basis, which is accessible according to specif i c criteria; ‘‘information matching programme’’ means the comparison, whether manually 40 or by means of any electronic or other device, of any document that contains personal information about ten or more data subjects with one or more documents that contain personal information of ten or more data subjects, for the purpose of producing or verifying information that may be used for the purpose of taking any action in regard to an identif i able data subject;45 ‘‘information officer’’ of, or in relation to, a— (a)

  public body means an information officer or deputy information officer as contemplated in terms of section 1 or 17; or (b)

 private body means the head of a private body as contemplated in section 1, of the Promotion of Access to Information Act;50

 ‘‘Minister’’ means the Cabinet member responsible for the administration of justice; ‘‘operator’’ means a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party; ‘‘person’’ means a natural person or a juristic person; ‘‘personal information’’ means information relating to an identif i able, living, natural person, and where it is applicable, an identif i able, existing juristic person, including, but not limited to— (a)

 information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; (b)

 information relating to the education or the medical, fi nancial, criminal or employment history of the person; (c)

 any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identif i er or other particular assignment to the person; (d)

 the biometric information of the person; (e)

 the personal opinions, views or preferences of the person; (f)

 correspondence sent by the person that is implicitly or explicitly

  of a private or conf i dential nature or further correspondence that would reveal the contents of the original correspondence; (g)

 the views or opinions of another individual about the person; and (h)

 the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person; ‘‘prescribed’’ means prescribed by regulation or by a code of conduct; ‘‘private body’’ means— (a) a natural person who carries or has carried on any trade, business or profession, but only in such capacity;

 (b) a partnership which carries or has carried on any trade, business or profession; or (c) any former or existing juristic person, but excludes a public body; ‘‘processing’’ means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including— (a)

 the collection, receipt, recording, organisation, collation, storage, updating or modif i cation, retrieval, alteration, consultation or use; (b)

 dissemination by means of transmission, distribution or making available in any other form; or (c)

 merging, linking, as well as restriction, degradation, erasure or destruction of information; ‘‘professional legal adviser’’ means any legally qualif i ed person, whether in private practice or not, who lawfully provides a client, at his or her or its request, with independent, conf i dential legal advice; ‘‘Promotion of Access to Information Act’’ means the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000); ‘‘public body’’ means— (a)

 any department of state or administration in the national or provincial sphere of government or any municipality in the local sphere of government; or (b)

 any other functionary or institution when— (i)

 exercising a power or performing a duty in terms of the Constitution or a provincial constitution; or (ii)

 exercising a public power or performing a public function in terms of any legislation; ‘‘public record’’ means a record that is accessible in the public domain and which is in the possession of or under the control of a public body, whether or not it was created by that public body; ‘‘record’’ means any recorded information—

 (a) regardless of form or medium, including any of the following: (i)

 Writing on any material; (ii)

 information produced, recorded or stored by means of any tape- recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored; (iii)

  label, marking or other writing that identif i es or describes any thing of which it forms part, or to which it is attached by any means; (iv)

 book, map, plan, graph or drawing; (v)

 photograph, fi lm, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced; (b) in the possession or under the control of a responsible party; (c) whether or not it was created by a responsible party; and (d) regardless of when it came into existence; ‘‘Regulator’’ means the Information Regulator established in terms of section 39; ‘‘re-identify’’, in relation to personal information of a data subject, means to resurrect any information that has been de-identif i ed, that— (a)

 identif i es the data subject; (b)

 can be used or manipulated by a reasonably foreseeable method to identify the data subject; or (c)

 can be linked by a reasonably foreseeable method to other information that identif i es the data subject and ‘‘re-identif i ed’’ has a corresponding meaning; ‘‘Republic’’ means the Republic of South Africa; ‘‘responsible party’’ means a public or private body or any other person which, alone or in conjunction with

 others,

 determines the

 purpose of and means for processing personal information;

 ‘‘restriction’’ means to withhold from circulation, use or publication any personal 20 information that forms part of a fi ling system, but not to delete or destroy such information; ‘‘special personal information’’ means personal information as referred to in section 26; ‘‘this Act’’ includes any regulation or code of conduct made under this Act; and ‘‘unique identif i er’’ means any identif i er that is assigned to a data subject and is used by a responsible party for the purposes of the operations of that responsible party and that uniquely identif i es that data subject in relation to that responsible party.

 Purpose of Act 2. The purpose of this Act is to— (a)

  give effect to the constitutional right to privacy, by safeguarding personal information when processed by a responsible party, subject to justif i able limitations that are aimed at— (i)

 balancing the right to privacy against other rights, particularly the right of access to information; and (ii)

 protecting important interests, including the free fl ow of information within the Republic and across international borders; (b)

 regulate the manner in which personal information may be processed, by establishing conditions, in harmony with international standards, that prescribe the minimum threshold requirements for the lawful processing of personal information; (c)

 provide persons with rights and remedies to protect their personal information from processing that is not in accordance with this Act; and (d)

 establish voluntary and compulsory measures, including the establishment of an Information Regulator, to ensure respect for and to promote, enforce and fulf i l the rights protected by this Act.

  Act No. 4 of 2013

 Protection Of Personal Information Act, 2013 19 APPLICATION PROVISIONS

  CHAPTER 2

  CHAPTER 2 APPLICATION PROVISIONS Application and interpretation of Act 1. (1) This Act applies to the processing of personal information— (c) samesmelting, koppeling, asook inperking, degradasie, uitwissing of vernietiging van inligting; ‘‘Reguleerder’’ die Inligtingsreguleerder ingevolge artikel 39 ingestel; ‘‘rekord’’ enige opgetekende inligting— (a) ongeag vorm of medium, met inbegrip van enige van

 die volgende: (i) Skrif op enige materiaal; (ii) inligting geproduseer, opgeteken of gestoor by wyse van

 enige bandopnemer, rekenaartoerusting, hetsy hardeware of sagteware of beide, of ander toestel, en enige materiaal vervolgens verkry uit die inligting aldus geproduseer, opgeteken of gestoor; (iii)

 etiket, merk, of ander skrif wat enige voorwerp waarvan dit deel uitmaak, of waaraan dit op enige wyse geheg is, identif i seer

  of beskryf; (iv) boek, kaart, plan, graf i ek of tekening; (v) foto, fi lm, negatief, band of ander toestel waarin een of meer visuele beelde vervat is sodat dit geskik is, met of sonder die hulp van ander toerusting, vir reproduksie; (b) in die besit of onder die beheer van ’n verantwoordelike party; (c) hetsy dit deur die verantwoordelike party geskep is al dan nie; en (d) ongeag wanneer dit tot stand gekom het; ‘‘Republiek’’ die Republiek van Suid-Afrika; ‘‘spesiale persoonlike inligting’’ persoonlike inligting soos by artikel 26 bedoel;

 ‘‘toestemming’’ enige vrywillige, bepaalde en ingeligte wilsuitdrukking ingevolge waarvan verlof tot die prosessering van persoonlike inligting gegee word; ‘‘unieke identif i seerder’’ enige identif i seerder wat aan ’n datasubjek toegewys word en wat deur ’n verantwoordelike party vir doeleindes van die bedrywighede van daardie verantwoordelike party gebruik word en waarmee daardie verantwoordelike party die datasubjek op unieke wyse identif i seer; ‘‘verantwoordelike party’’ ’n openbare of privaatliggaam of enige ander persoon wat, eiehandig of in samewerking met andere, die oogmerk van en middele van prosessering van persoonlike inligting bepaal; ‘‘voorgeskryf ’’ voorgeskryf by regulasie of by ’n gedragskode; en ‘‘Wet op Bevordering van Toegang tot Inligting’’ die Wet op Bevordering van Toegang tot Inligting, 2000 (Wet No. 2 van 2000). Oogmerk van Wet 2. Die oogmerk van hierdie Wet is om— (a)

 gevolg

 te

 gee

 aan

 die

  grondwetlike

  reg

  op

  privaatheid,

  deur persoonlike inligting te beskerm wanneer dit deur ’n verantwoordelike party geprosesseer word, onderhewig aan regverdigbare beperkings wat gerig is op die— (i)

 balansering van die reg op privaatheid teenoor ander regte, in besonder die reg op toegang tot inligting; en (ii)

 beskerming van belangrike belange, met inbegrip van die vrye vloei van inligting binne die Republiek en oor internasionale grense; (b)

 die wyse waarop

 persoonlike

 inligting

 geprosesseer

 mag

 word, te reguleer deur voorwaardes, in harmonie met internasionale standaarde, te vestig wat die minimum vereistes vir die regmatige prosessering van persoonlike inligting voorskryf;

 (c)

 persone van regte en remedies te voorsien ten einde hul persoonlike inligting teen prosessering wat nie in ooreenstemming met hierdie Wet is nie, te beskerm; en (d)

 vrywillige en verpligte maatreëls, met inbegrip van die instelling van ’n Inligtingsreguleerder, in te stel, ten einde respek vir, en die bevordering, afdwinging en verwesenliking van, die regte wat in hierdie Wet beskerm word, te verseker.

 HOOFSTUK 2 TOEPASSINGSBEPALINGS Toepassing en uitleg van Wet 3. (1) Hierdie Wet is van toepassing op die prosessering van persoonlike inligting— (a) entered in a record by or for a responsible party by making use

  of automated or non-automated means: Provided that when the recorded personal informa- tion is processed by non-automated means, it forms part of a fi ling system or is intended to form part thereof; and (b) where the responsible party is— (i) domiciled in the Republic; or (ii) not domiciled

 in

 the

 Republic,

 but

 makes

 use

 of automated or non-automated means in the Republic, unless those means are used only to forward personal information through the Republic. (2)

 (a) This Act applies, subject to paragraph (b), to the exclusion of any provision of any other legislation that regulates the processing of personal information and that is materially inconsistent with an object, or a specif i c provision, of this Act. (b) If any other legislation provides for conditions for the lawful processing of personal information that are more extensive than those set out in Chapter 3, the extensive conditions prevail.

 (3)

 This Act must be interpreted in a manner that— (a)

 gives effect to the purpose of the Act set out in section 2; and (b)

 does not prevent any public or private body from exercising

 or performing its powers, duties and functions in terms of the law as far as such powers, duties and functions relate to the processing of personal information and such processing is in accordance with this Act or any other legislation, as referred to in subsection (2), that regulates the processing of personal information. (4)

 ‘‘Automated means’’, for the purposes of this section, means any equipment capable of operating automatically in response to instructions given for the purpose of processing information.

 Lawful processing of personal information 4. (1) The conditions for the lawful processing of personal information by or for a responsible party are the following: (a) ‘‘Accountability’’, as referred to in section 8; (b) ‘‘Processing limitation’’, as referred to in sections 9 to 12; (c) ‘‘Purpose specif i cation’’, as referred to in sections 13 and 14; (d) ‘‘Further processing limitation’’, as referred to in section 15; (e) ‘‘Information quality’’, as referred to in section 16; (f) ‘‘Openness’’, as referred to in sections 17 and 18; (g) ‘‘Security safeguards’’, as referred to in sections 19 to 22; and (h) ‘‘Data subject participation’’, as referred to in sections 23 to 25. (2) The conditions, as referred to in subsection (1), are not

 applicable to the processing of personal information to the extent that such processing is— (a)

 excluded, in terms of section 6 or 7, from the operation of this Act; or

 (b)

 exempted in terms of section 37 or 38, from one or more of the conditions concerned in relation to such processing. (3) The processing of the special personal information of a data subject is prohibited in terms of section 26, unless the— (a)

 provisions of sections 27 to 33 are applicable; or (b)

  Regulator has granted an authorisation in terms of section 27(2), in which case, subject to section 37 or 38, the conditions for the lawful processing of personal information as referred to in Chapter 3 must be complied with. (4) The processing of the personal information of a child is prohibited in terms of section 34, unless the— (a)

 provisions of section 35(1) are applicable; or (b)

 Regulator has granted an authorisation in terms of section 35(2), in which case, subject to section 37, the conditions for the lawful processing of personal information as referred to in Chapter 3 must be complied with. (5) The processing of the special personal information of a child is prohibited in terms of sections 26 and 34 unless the provisions

  of sections 27 and 35 are applicable in which case, subject to section 37, the conditions for the lawful processing of personal information as referred to in Chapter 3 must be complied with. (6) The conditions for the lawful processing of personal information by or for a responsible party for the purpose of direct marketing by any means are ref l ected in Chapter 3, read with section 69 insofar as that section relates to direct marketing by means of unsolicited electronic communications. (7) Sections 60 to 68 provide for the development, in appropriate circumstances, of codes of conduct for

 purposes

 of

 clarifying

 how the conditions referred to in subsection (1), subject to any exemptions which may have been granted in terms of section 37, are to be applied, or are to be complied with within a particular sector.

 Rights of data subjects 5. A data subject has the right to have his, her or its personal information processed in accordance with the conditions for the lawful processing of personal information as referred to in Chapter 3, including the right— (a) to be notif i ed that— (i) personal information about him, her or it is being collected as provided for in terms of section 18; or (ii) his, her or its personal information has been accessed or acquired by an unauthorised person as provided for in terms of section 22; (b) to establish whether a responsible party holds personal information of that data subject and to request access to his, her or its personal information as provided for in terms of section 23; (c) to request, where necessary, the correction, destruction or deletion of his, her or its personal information as provided for in terms of section 24; (d) to object, on reasonable grounds relating to his, her or its particular situation to the processing of his, her or its personal information as provided for in terms of section 11(3)(a); (e) to object to the processing of his, her or its personal information— (i) at any time for purposes of direct marketing in terms of section 11(3)(b); or (ii) in terms of section 69(3)(c); (f) not to have his, her or its personal information processed for purposes of direct marketing by means of unsolicited electronic communications except as referred to in section 69(1); (g) not to be subject, under certain circumstances, to a decision which is based solely on the basis of the automated processing of his, her or its personal information intended to provide a prof i le of such person as provided for in terms of section 71; (h)

 to submit a complaint to the Regulator regarding the alleged interference with the protection of the personal information of any

 data subject or to submit a complaint to the Regulator in respect of a determination of an adjudicator as provided for in terms of section 74; and (i) to institute civil proceedings regarding the alleged interference with the protection of his, her or its personal information as provided for in section 99.

 Exclusions 6. (1) This Act does not apply to the processing of personal information— (a) in the course of a purely personal or household activity; (b)

 that has been de-identif i ed to the extent that it cannot be re- identif i ed again; (c) by or on behalf of a public body— (i) which involves national security, including activities that are aimed at assisting in the identif i cation of the fi nancing of terrorist and related activities, defence or public safety; or (ii)

 the purpose of which is the prevention, detection, including assistance in the identif i cation of the proceeds of unlawful activities and the combating of money laundering activities, investigation or proof of offences, the prosecution of offenders or the execution of sentences or security measures, to the extent that adequate safeguards have been established in legislation for the protection of such personal information; (d) by the Cabinet and its committees or the Executive Council of a province; or (e) relating to the judicial functions of a court referred to in section 166 of the Constitution. (2) ‘‘Terrorist and related activities’’, for

 purposes

 of

 subsection (1) (c), means those activities referred to in section 4 of the Protection of Constitutional Democracy against Terrorist and Related Activities Act, 2004 (Act No. 33 of 2004).

 Exclusion for journalistic, literary or artistic purposes 7. (1) This Act does not apply to the processing of personal information solely for the purpose of journalistic, literary or artistic expression to the extentthat such an exclusion is necessary to reconcile, as a matter of public interest, the right to privacy with the right to freedom of expression. (2) Where a responsible party who processes personal information for exclusively journalistic purposes is, by virtue of office, employment or profession, subject to a code 20 of ethics that provides adequate safeguards for the protection of personal information, such code will apply to the processing concerned to the exclusion of this Act and any alleged interference with the protection of the personal information of a data subject that may arise as a result of such processing must be adjudicated as provided for in terms of that code. (3) In the event that a dispute may arise in respect of whether adequate safeguards have been provided for in a code as required in terms of subsection (2) or not, regard may be had to— (a) the special importance of the public interest in freedom of expression; (b) domestic and international standards balancing the— (i)

 public interest in allowing for the free fl ow of information to the public through the media in recognition of the right of the public to be informed; and (ii)

 public interest in safeguarding the protection of personal information of data subjects; (c) the need to secure the integrity of personal information; (d) domestic and international standards of professional integrity for journalists; and (e) the nature and ambit of self-regulatory forms of supervision prov...

推荐访问:南非 个人信息 保护法

热门排行Top Ranking

新时代青年的奋斗精神心得体会5篇

新时代青年的奋斗精神心得体会5篇新时代青年的奋斗精神心得体会篇1为进一步弘扬爱国奋斗奉献精神,激励党

XX乡镇防止返贫致贫监测和帮扶工作方案

XX乡镇防止返贫致贫监测和帮扶工作方案 为认真落实党的十九届四中全会关于“坚决打赢脱贫攻

坚持总体国家安全观心得体会250字8篇

坚持总体国家安全观心得体会250字8篇坚持总体国家安全观心得体会250字篇1“安而不忘危,存而不忘亡

宣传部部长心得体会15篇

宣传部部长心得体会15篇宣传部部长心得体会篇1首先,感谢领导给我这次评选优秀员工的机会,也感谢您能在

管理信息系统案例

第一章 信息系统与管理 案例((或实例) 得讨论题及点评((或回答)) [实例]利润计划工作中得反复

大学生体育课心得体会1500字5篇

大学生体育课心得体会1500字5篇大学生体育课心得体会1500字篇1不知不觉,进入大学第一个学期的体

餐饮单位疫情防控工作汇报

餐饮单位疫情防控工作汇报根据省、市、区疫情防控指挥部统一部署,严格落实《省市场监督管理局关于进一步加

党支部党建工作年度台账-基层党建工作台账

党支部党建工作年度台账::基层党建工作台账 党支部党建工作年度台账说明为抓好党建工作,根据《党章》《

党员的时代楷模心得体会12篇

党员的时代楷模心得体会12篇党员的时代楷模心得体会篇1@党员干部“打工攻略”请查收一年一度的“双十一

公文格式国家标准

公文格式国家标准 1范围 本标准规定了党政机关公文通用的纸张要求、排版和印制装订要求、公文格式各要素

内勤辅警先进事迹材料

内勤辅警先进事迹材料3篇 内勤辅警先进事迹材料1 办公室工作室一项既辛苦、又清苦的脑力劳动,他没有惊

傅雷家书阅读心得及感悟10篇

傅雷家书阅读心得及感悟10篇傅雷家书阅读心得及感悟篇1一连几天,我都沉浸在《傅雷家书》这本书中,感受