South Africa: Period for comments on CBA code of conduct expires

On 26 October 2021, the period for submitting comments to the Information Regulator (Regulator) on the Credit Bureau Association's (CBA) code of conduct regarding the processing of personal information has expired. The consultation period was opened on 12 October 2021. Under section 61(2) of the Protection of Personal Information Act (POPI) 2013, the Regulator may issue sector-specific codes of conduct on the processing of personal information either on its own initiative or on the application of a sector's representative body. The code contains procedures and rules on the appropriate processing of personal information by CBA members. Specifically, personal information is to be treated with disclosure and the processing of data is limited to the original purpose for processing. Furthermore, data subjects' rights have to be honoured and a privacy disclosure mechanism has to be installed.