If you had hopes that the new kid on the block would disappear if you ignored it long enough, think again. Updates and exemptions are flying in thick and fast and furious.
On Monday we published comments on a guidance note from the Information Regulator concerning applications for exemption from certain POPIA requirements and the obligation to register an Information Officer.
On the same day, two further guidance notes were published – one concerning personal information of children, and another on the processing of “Special Personal Information”.
Guidance Note on Exemption applications
Last week we reported on a number of exemptions published two weeks prior to the effective date of POPIA, that being today. The publication also noted that the registration of an information officer would be delayed in view of technical hitches with the registration system.
A document titled Clarity on POPIA exemptions and information officer registration, written by Peter Grealy &, Dario Milo at Webber Wentzel provides clarity on the guidelines published by the Information Regulator, including examples of the various areas and simple “how to” guidelines on the application process.
Guidance Note on processing of Special Personal Information
Section 26 of POPIA prohibits the processing of special personal information, subject to exceptions provided for in section 27(1). Such information would include religious or philosophical beliefs, race and ethnic origin, trade union membership, political persuasion, biometric information and, interestingly, the criminal behaviour of a data subject.
The purpose of the Guidance Note is to guide responsible parties who are required to obtain authorisation from the Regulator to process special personal information, as provided for in section 27(2) of POPIA.
The Guidance note then lists 8 conditions under which the prohibition on processing of personal information does not apply.
In terms of Section 27(2) of POPIA, the Regulator may by notice in the Gazette authorise a responsible party to process special personal information if the Regulator is satisfied that the such processing is-
- in the public interest; and
- appropriate safeguards have been put in place to protect the special personal information of the data subject.
The Guidance Note also stipulates the meaning of “public interest” and “appropriate safeguards”.
Guidance Note on processing of personal information of children
A responsible party is, in terms of section 34 of POPIA, and subject to section 35(1) of POPIA, prohibited from processing personal information of children. This does not apply if such processing is –
2.2.1 carried out with the prior consent of a competent person;
2.2.2 necessary for the establishment, exercise or defence of a right or obligation in law;
2.2.3 necessary to comply with an obligation of international public law;
2.2.4 for historical, statistical or research purposes;
2.2.5 of personal information of children which has deliberately been made public by the child with the consent of a competent person.
In terms of Section 35(2) of POPIA, the Regulator may, by notice in the Gazette, authorise a responsible party to process personal information of children if the Regulator is satisfied that the such processing is –
4.1.1 in the public interest; and
4.1.2 appropriate safeguards have been put in place to protect the personal information of the child.”
The Guidance Note stipulates the meaning of “public interest” and “appropriate safeguards”.
The only advice we can share comes from Alice in Wonderland – “I don’t see how he can ever finish, if he doesn’t begin.”
Click below to download the three latest Guidance Notes.
Guidance Note on Exemption applications
Guidance Note on processing of Special Personal Information
Guidance Note on processing of Personal Information of Children