BACKGROUND TO DATA PRIVACY IN SOUTH AFRICA
The Protection of Personal Information Act, 4 of 2013, (“POPIA”), which came into force on 1 July 2021, is a law which regulates the use and processing of a person and / legal entity’s personal information, this being in response to, and in order to protect and give effect to a person and/or legal entity’s rights to privacy, including the right not to have their / its personal information and related data misused, abused or used for ulterior purposes.
POPIA applies to personal information which belongs to individuals and legal entities (“Data Subjects”) which is processed, be it in an automated or non-automated manner in South Africa, by another (“Responsible Party”) and places on any Responsible Party who is processing a data Subject’s personal information, a duty to use it lawfully and only for a specific and defined purpose(s).
In terms of POPIA, the Corporate Counsel Association, as a Responsible Party, is required to appoint an Information Officer (“IO”) and Deputy Information Officers (“DIOs”), to be responsible for establishing a POPIA Compliance Framework, and who following this, are required to assess, analyse and understand what types of personal information the Corporate Counsel Association is processing which belongs to Data Subjects and to thereafter develop certain processes and procedures, including a POPIA Policy, which have to be followed by all personnel when they process and use another’s personal information.
A Personal Information Impact Assessment as per the Corporate Counsel Association's POPIA Compliance Framework has been carried out and created, which has indicated that the Corporate Counsel Association, during the course of its business activities does and will continue to collect, store and process personal information about employees, its customers, suppliers and other third parties.
Furthermore, the Impact Assessment has defined and revealed that the Corporate Counsel Association processes a large amount of different types of personal information including names, addresses, opinions, financial details, medical details and the like which pertain to current, past and prospective employees and customers, suppliers, and others who the Corporate Counsel Association communicates and deals with and which processing is carried out for a variety of purposes, including for business, compliance and legal purposes.
The Corporate Counsel Association also processes special purpose information including gender, sex, marital status, colour, age, race or ethnic origin, religious beliefs, trade union membership and the like for the purposes of recruitment, employment equity statistics, legal compliance and for the facilitation of union fees and memberships.
Following the Personal Information Impact Assessment, the Corporate Counsel Association is confident that whilst this personal information is held on paper or on a computer or other media, such storage is subject to the prescribed legal safeguards as specified in POPIA and other regulations.
The Corporate Counsel Association, as per the POPIA requirements, has implemented a robust POPIA compliance program which includes various POPIA policies and processes some of which are internal documents and some of which are available for public access. These documents which are available for public access can be viewed below.
Personal Information Processing notices:
Website Privacy Notice
Privacy Notice & Cookies
Procurement Processing Notice
Member Processing Notice
Operator Agreement
POPIA & PAIA Forms