The Protection of Personal Information Act was signed into law in November 2013. The Act aims to promote the protection of personal information by private and public bodies and provide for minimum conditions that should be followed in the lawful processing of information. The Act also provides for the establishment of an Information Regulator.
The President signed a proclamation which was gazetted on 11 April 2014 where the effective date of certain sections of the Act was proclaimed as 11 April 2014.
The following sections are in effect from 11 April 2014:
- section 1 which deals with the definitions in the Act;
- Part A of Chapter 5 which deals with the establishment of the Information Regulator, the powers, duties and functions of the Regulator, appointment and terms of office of members of the Regulator, appointment of staff and the chief executive officer;
- section 112 dealing with the fact that the Minister may make Regulations relating to the establishment of the Regulator and that the Regulator may make Regulations in terms of certain areas; and
- section 113 dealing with the procedures for making Regulations by the Minister and the Regulator.
This is just the first step of the implementation of the Protection of Personal Information Act. Once section 114 is enacted all processing of personal information must conform to the requirements in the Act within one year after that date.