Section 21 (responsible party and operator) agreements

In terms of Section 21 of the Protection of Personal Information Act a responsible party (the party who determines the purpose and means of processing of personal information) must conclude a written contract with an operator (the person who processes personal information for a responsible party) with the aim of ensuring that the operator processes the personal information in terms of a minimum information security safeguards that are statutorily required to be implemented in terms of Section 19 of the Protection of Personal Information Act.

In dealing with the contracts contemplated in terms of section 21 it is essential that the drafters have a good understanding of the information security safeguards that may be required in protecting personal information. It is also necessary to understand that the requirements contained in these agreements cannot be based on a “one size fits all” approach. The nature of the information and the manner of its processing will often require differing approaches to the information security necessary. This task is not one that can be performed by an attorney (who do not have appropriate information security background) or an information security specialist (who do not have the necessary legal and contractual background) in isolation. It is necessary that a multidisciplinary approach be adopted in dealing with the drafting of appropriate contracts that are required by Section 21.

Privacy Online consultants provide both the legal and information security skills necessary to appropriately address this important requirement of the Protection of Personal Information Act.

  • 13 September 2017 - 12:37:00
    In Government Gazette No. 41105 published on the 8th September 2017, the Information Regulator invited comment on the draft Regulations ...

  • 11 April 2017 - 10:02:00
    I was recently referred to an article entitled "Responding to Cybercrime at Scale: Operation Avalanche - A Case Study". The article is published by the Centre for Cyber and Homeland Security at the George Washington University and is authored by Robert Wainwright, a director of Europol and Frank J. Cilluffo, director of the Centre for Cyber and Homeland Security.

    For anyone dealing with the Cybercrimes and Cybersecurity Bill, this article provides some insight into the complexity of cybercrime and the profoundly different way in which the combatting of cybercrime needs to be addressed.