This contains UNCERTIFIED COPY for information/reference. For authentic copy, please refer to certified copy only.  In case of any mistake, please bring it to our notice.


LegalB's Resources
QUICK LINKS: ROOT DATABASE | OVERVIEW | VERSIONS & TEXT ACCESS TIMELINE | SUBORDINATE TEXTS | COMMENTARY | POTENTIAL TRANSGRESSOR LISTS | TEST FOR TRANSGRESSIONS | EMAIL A REQUEST FOR UPDATES | HELP | CONTACT US | SEARCH SITE | LOG OUT |
 
South Africa
NATIONAL LEGISLATION OVERVIEWS
LegalB Logo
 
Protection of Personal Information Act, No. 4 of 2013
NOTE: Assented to and published in English, with alternative copy in Afrikaans except iro title/text/engrossments in the following section s110 Sch iro amendments to Act 2005_034_001, 055(2), 068, 136 and 137 (Xhosa/Afrikaans/Xhosa)**

Long title


To promote the protection of personal information processed by public and private bodies; to introduce certain conditions so as to establish minimum requirements for the processing of personal information; to provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000; to provide for the issuing of codes of conduct; to provide for the rights of persons regarding unsolicited electronic communications and automated decision making; to regulate the flow of personal information across the borders of the Republic; and to provide for matters connected therewith.

Table of contents

SECTION TITLE

PREAMBLE

CHAPTER 1 DEFINITIONS AND PURPOSE
1. Definitions
2. Purpose of Act

CHAPTER 2 APPLICATION PROVISIONS
3. Application and interpretation of Act
2. Oogmerk van Wet [sic - Afrikaans text]

HOOFSTUK 2 TOEPASSINGSBEPALINGS [sic - Afrikaans text]
3. Toepassing en uitleg van Wet [sic - Afrikaans text]

...
4. Lawful processing of personal information
5. Rights of data subjects
6. Exclusions
7. Exclusion for journalistic, literary or artistic purposes

CHAPTER 3 CONDITIONS FOR LAWFUL PROCESSING OF PERSONAL INFORMATION

Part A Processing of personal information in general

Condition 1 Accountability
8. Responsible party to ensure conditions for lawful processing

Condition 2 Processing limitation
9. Lawfulness of processing
10. Minimality
11. Consent, justification and objection
12. Collection directly from data subject Condition 3 Purpose specification
13. Collection for specific purpose
14. Retention and restriction of records

Condition 4 Further processing limitation
15. Further processing to be compatible with purpose of collection

Condition 5 Information quality
16. Quality of information

Condition 6 Openness
17. Documentation
18. Notification to data subject when collecting personal information

Condition 7 Security safeguards
19. Security measures on integrity and confidentiality of personal information
20. Information processed by operator or person acting under authority
21. Security measures regarding information processed by operator
22. Notification of security compromises

Condition 8 Data subject participation
23. Access to personal information
24. Correction of personal information
25. Manner of access

Part B Processing of special personal information
26. Prohibition on processing of special personal information
27. General authorisation concerning special personal information
28. Authorisation concerning data subject’s religious or philosophical beliefs
29. Authorisation concerning data subject’s race or ethnic origin
30. Authorisation concerning data subject’s trade union membership
31. Authorisation concerning data subject’s political persuasion
32. Authorisation concerning data subject’s health or sex life
33. Authorisation concerning data subject’s criminal behaviour or biometric information

Part C Processing of personal information of children
34. Prohibition on processing personal information of children
35. General authorisation concerning personal information of children

CHAPTER 4 EXEMPTION FROM CONDITIONS FOR PROCESSING OF PERSONAL INFORMATION
36. General
37. Regulator may exempt processing of personal information
38. Exemption in respect of certain functions

CHAPTER 5 SUPERVISION

Part A Information Regulator
39. Establishment of Information Regulator
40. Powers, duties and functions of Regulator
41. Appointment, term of office and removal of members of Regulator
42. Vacancies
43. Powers, duties and functions of Chairperson and other members
44. Regulator to have regard to certain matters
45. Conflict of interest
46. Remuneration, allowances, benefits and privileges of members
47. Staff 
48. Powers, duties and functions of chief executive officer
49. Committees of Regulator
50. Establishment of Enforcement Committee
51. Meetings of Regulator
52. Funds
53. Protection of Regulator
54. Duty of confidentiality

Part B Information Officer 
55. Duties and responsibilities of Information Officer
56. Designation and delegation of deputy information officers
CHAPTER 6 PRIOR AUTHORISATION
Prior Authorisation
57. Processing subject to prior authorisation
58. Responsible party to notify Regulator if processing is subject to prior authorisation
59. Failure to notify processing subject to prior authorisation

CHAPTER 7 CODES OF CONDUCT
60. Issuing of codes of conduct
61. Process for issuing codes of conduct
62. Notification, availability and commencement of code of conduct 
63. Procedure for dealing with complaints
64. Amendment and revocation of codes of conduct
65. Guidelines about codes of conduct
66. Register of approved codes of conduct
67. Review of operation of approved code of conduct
68. Effect of failure to comply with code of conduct  

CHAPTER 8 RIGHTS OF DATA SUBJECTS REGARDING DIRECT MARKETING BY MEANS OF UNSOLICITED ELECTRONIC COMMUNICATIONS, DIRECTORIES AND AUTOMATED DECISION MAKING
69. Direct marketing by means of unsolicited electronic communications
70. Directories
71. Automated decision making

CHAPTER 9 TRANSBORDER INFORMATION FLOWS 
72. Transfers of personal information outside Republic

CHAPTER 10 ENFORCEMENT
73. Interference with protection of personal information of data subject
74. Complaints
75. Mode of complaints to Regulator
76.  Action on receipt of complaint
77. Regulator may decide to take no action on complaint
78. Referral of complaint to regulatory body
79. Pre-investigation proceedings of Regulator
80. Settlement of complaints
81. Investigation proceedings of Regulator
82. Issue of warrants
83. Requirements for issuing of warrant
84. Execution of warrants
85. Matters exempt from search and seizure
86. Communication between legal adviser and client exempt
87. Objection to search and seizure
88. Return of warrants
89. Assessment
90. Information notice
91. Parties to be informed of result of assessment
92. Matters referred to Enforcement Committee
93. Functions of Enforcement Committee
94. Parties to be informed of developments during and result of investigation
95. Enforcement notice
96. Cancellation of enforcement notice
97. Right of appeal
98. Consideration of appeal
99. Civil remedies

CHAPTER 11 OFFENCES, PENALTIES AND ADMINISTRATIVE FINES
100. Obstruction of Regulator
101. Breach of confidentiality
102. Obstruction of execution of warrant
103. Failure to comply with enforcement or information notices
104. Offences by witnesses
105. Unlawful acts by responsible party in connection with account number
106. Unlawful acts by third parties in connection with account number
107. Penalties
108. Magistrate’s Court jurisdiction to impose penalties
109. Administrative fines

CHAPTER 12 GENERAL PROVISIONS
110. Amendment of laws
111. Fees
112. Regulations
113. Procedure for making regulations
114. Transitional arrangements
115. Short title and commencement
Sch. SCHEDULE LAWS AMENDED BY SECTION 110 [s110]
.
Legislation Text Access Point

Versions
[To check whether a version has commenced, and how it was commenced, please see the Timeline for the Act, and the Annotated Text for the version.]
Access Official Gazette PDF  Request Subscription Fee Subscriber Access
As unamended Act 2013_004_000_20131126 EXT.LINK (LB full copy on request) REQ.INFO LINK
As amended by ...N/AREQ.INFOLINK

* LegalB refers to a "version" of an Act or its sections in the format "YYYY_NNN_SSS_YYYYMMDD", which refers to "YEAR OF ACT_ACT NUMBER_SECTION OF ACT_DATE OF GAZETTE", and where "DATE OF GAZETTE" refers to the "YEAR_MONTH_DAY" on the face of the Gazette in which either the Act was originally published or in which the amending, lapsing or repealing instrument was published. Where any segment of the reference string contains only zeros, it means that information is not relevant, not made available, or unavailable.
* Unbolded grey text in square brackets is additional information provided by LegalB.
* "..." indicates further information not provided by LegalB for purpose of brevity
* An Asterisk indicates uncertainty regarding information, and a double asterisk indicates information must be read in the light of our relevant Commentary.