
ASISA guidelines on POPIA

By Lize de la Harpe, Legal Adviser at Glacier by Sanlam

Introduction

The Association for Savings and Investment South Africa (ASISA) recently issued guidelines for its members who are Responsible Parties as defined in the Protection of Personal Information Act (“POPIA”), to assist them in implementing POPIA (hereinafter referred to as “the Guidelines”).

Let’s unpack this development.

Codes of conduct in terms of POPIA – chapter 7

As you may recall from last year’s POPIA editions, the processing of personal information is diverse and extends across many different sectors. For this reason, POPIA makes provision for the establishment of codes of conduct that will govern the processing of personal information within defined sectors.

A code of conduct can apply to a specific body, a specific class of information, a specific activity or a specific industry or profession. The Information Regulator may issue a code of conduct of its own accord (but after consultation with affected stakeholders) or, in the far more likely scenario, on the application of a body representative of an industry, profession, or vocation as defined in the code.

All codes of conduct must:

  • incorporate all the Conditions for the lawful processing of personal information or set out obligations that provide a functional equivalent of all the obligations set out in those conditions; and
  • prescribe how the Conditions for the lawful processing of personal information are to be applied, or are to be complied with, given the particular features of the sector or sectors of society in which the relevant responsible parties are operating.

It’s clear from the above that the issuing of codes of conduct does not mean that a particular sector will have more flexibility in respect of how it processes personal information. The intention is merely to give responsible parties operating within specific sectors governed by such codes of conduct clearer guidance on how to process personal information lawfully.

Who is ASISA?

ASISA is a non-profit company formed in 2008 to represent the collective interests of the country’s asset managers, collective investment scheme management companies, linked investment service providers, multi-managers and life insurance companies (retirement funds are not included).

ASISA enables the financial services industry, which is the custodian of the nation’s savings and investments, to speak with one voice. ASISA’s mission is to ensure that the industry and its members remain relevant and sustainable by promoting a culture of savings and investment.

The Guidelines

ASISA recently published the Guidelines as general principles to assist its members in implementing POPIA. The main objective of the Guidelines is to promote high standards of behaviour and provide for, as far as practically possible, a consistent approach on the part of responsible parties in their efforts to address their handling of personal information, as envisioned in POPIA and by the Regulator.

The Guidelines apply to the processing of personal information by ASISA members as Responsible Parties (i.e. asset managers, collective investment scheme management companies, linked investment service providers, multi-managers and life insurance companies).

Conclusion

Please bear in mind that although the Guidelines set out standards of good practice relating to the processing of personal information, individual Responsible Parties must always ensure that they are compliant with the provisions of POPIA and/or any documents and guidance notes published by the Information Regulator.
