South Africa: Information Regulator announces receipt of CBA code of conduct and opening of consultation period

On 12 October 2021, the Information Regulator (Regulator), the South African monitoring body for personal information, has given notice of its receipt of a code of conduct on the legal processing of personal information by the Credit Bureau Association (CBA), a representative of eleven registered credit bureaus in South Africa. Under section 61(2) of the Protection of Personal Information Act (POPI) 2013, the Regulator may issue sector-specific codes of conduct on the processing of personal information either on its own initiative or on the application of a sector's representative body. The code contains procedures and rules on the appropriate processing of personal information by CBA members. Specifically, personal information is to be treated with disclosure and the processing of data is limited to the original purpose for processing. Furthermore, data subjects' rights have to be honoured and a privacy disclosure mechanism has to be installed. In further accordance with section 61 of the POPI, the Regulator has invited comments from affected parties until 26 October 2021.