Member log-in

Legal Terms and Privacy

BACKGROUND TO DATA PRIVACY IN SOUTH AFRICA

 

The Protection of Personal Information Act, 4 of 2013, (“POPIA”), which came into force on 1 July 2021, is a law which regulates the use and processing of a person and / legal entity’s personal information, this being in response to, and in order to protect and give effect to a person  and/or legal entity’s rights to privacy, including the right not to have their / its personal information and related data misused, abused or used for ulterior purposes.

 

POPIA applies to personal information which belongs to individuals and legal entities (“Data Subjects”) which is processed, be it in an automated or non-automated manner in South Africa, by another (“Responsible Party”) and places on any Responsible Party who is processing a data Subject’s personal information, a duty to use it lawfully and only for a specific and defined purpose(s).

 

In terms of POPIA, CCASA, as a Responsible Party, is required to appoint an Information Officer (“IO”) and Deputy Information Officers (“DIOs”), to be responsible for establishing a POPIA Compliance Framework, and who following this, are required to assess, analyse and understand what types of personal information CCASA is processing which belongs to Data Subjects and to thereafter develop certain processes and procedures, including a POPIA Policy, which have to be followed by all CCASA personnel when they process and use another’s personal information.

 

A Personal Information Impact Assessment as per the CCASA POPIA Compliance Framework has been carried out and created, which has indicated that CCASA, during the course of its business activities does and will continue to collect, store and process personal information about CCASA employees, its customers, suppliers and other third parties.

 

Furthermore, the Impact Assessment has defined and revealed that CCASA processes a large amount of different types of personal information including names, addresses, opinions, financial details, medical details and the like which pertain to current, past and prospective employees and customers, suppliers, and others who CCASA communicates and deals with and which processing is carried out for a variety of purposes, including for business, compliance and legal purposes.

 

CCASA also processes special purpose information including gender, sex, marital status, colour, age, race or ethnic origin, religious beliefs, trade union membership and the like for the purposes of recruitment, employment equity statistics, legal compliance and for the facilitation of union fees and memberships.

 

Following the Personal Information Impact Assessment, CCASA is confident that whilst this personal information is held on paper or on a computer or other media, such storage is subject to the prescribed legal safeguards as specified in POPIA and other regulations.

 

CCASA, as per the POPIA requirements, has implemented a robust POPIA compliance program which includes various POPIA policies and processes some of which are internal documents and some of which are available for public access. These documents which are available for public access can be viewed below.

 

POPIA Policy

 

PAIA Manual

 

Personal Information Processing notices: 

 

Operator Agreement

 

CCASA’s Personal Information Security Measures

 

POPIA & PAIA Forms

 

Q & A

 

Information Officer’s Details

The Corporate Counsel Association of South Africa (CCASA) was formed in 1982 to promote the common interests of corporate lawyers (in-house counsel) in South Africa.

 

CCASA is a non-profit association managed by a Board which is annually elected by CCASA’s members.

The Association is funded by members’ subscriptions and by revenue generated by educational courses and other activities. CCASA currently has approximately 500 individual members mainly comprising of corporate lawyer representatives of more than 60 companies and other organizations.

 

Copyright © Corporate Counsel Association of South Africa. All Rights Reserved.