South Africa: Closed consultation on Information Regulator Code of conduct on processing personal information by the residential communities council

On 22 September 2023, the Information Regulator opened a public consultation on processing personal information by the residential communities council. The code and outlines obligations including obtaining consent for processing biometric and employee data, ensuring compliance with Protection of Personal Information Act when sharing data with third parties. The code also highlights implementing security measures like encryption and risk assessments under frameworks such as National Institute of Standards and Technology or International Organisation for Standardisation 27001/2022 on information security management systems. The code also mandates the retention of data in line with legal requirements, the protection of children’s data, and the handling of transborder information flows. The code further details the responsibilities of information officers and requires the reporting of security breaches to the Information Regulator.