One of the requirements of POPIA is that every organisation must have a code of conduct (‘COC’) that has been drafted or approved by the Information Regulator (‘IR’). The former can be created by individual businesses or by associations by and for their members.
Clearly, creating your own COC means that you or your association can create a document that addresses your particular needs rather than being generic.
You may recall that the Consumer Protection Act (‘CPA’) required businesses to establish a COC – that was 10 years ago and one has to ask: ‘How many businesses did so?’ Likewise, you may or may not know that the Consumer Goods & Services Ombudsman (‘CGSO’) drafted a COC that came into effect April 30 2015. It applies to and sets minimum standards for the consumer goods and services industry – see: http://cgso.org.za//codeofconsumergoodsandservicesombud
As with the PAIA manual that will now be ‘blended’/‘aligned’ with your POPIA manual, you may want to address/blend POPIA and CPA compliance in your COC.
There are good reasons to have a COC; here are a few:
- Dealing with a business that has its own COC, or belongs to an association with a COC, creates confidence with customers and, in the case of an association, it also encourages membership
- Customers (Data Subject: ‘DS’) will feel more comfortable about disclosing their personal information (‘PI’) and about its processing
- Spelling out ‘cradle to grave’ PI management creates a visible POPIA compliance policy and environment within your business
The IR has published guidelines for the drafting of a COC (to be submitted to the IR for approval) and here are a few key indicators:
- Purpose and scope
- The processing of high-risk PI
- Whether your business is local or international
- Monitoring compliance with the COC
- Consultation with stakeholders
- How breaches will be addressed
- Automated decision-making by DS
- Complaint handling – must be, e.g., in plain language, readily available and fair
RE COMPLAINTS SECTION OF COC SEE FOLLOWING WEBSITE
GENERAL ENQ USE: https://www.justice.gov.za/inforeg/
RE COVID USE FOLLOWING:
© ADV LOUIS NEL
May 09 2021
DISCLAIMER – Each case depends on its own facts & merits – the above does not constitute advice – independent advice should be obtained in all instances
‘This series of articles will assist you in your compliance with POPIA and will address monthly the following topics: The Appointment of Information Officers; Code of Conduct; Prior Authorization (x2); Employees (x6); POPIA & PAIA Manuals; CCTV; Direct Marketing and further topical issues as they arise – if required online POPIA training sessions (1 – 1.5 hours duration including Q&A) can be arranged with Adv Nel’