Section 21 (responsible party and operator) agreements

In terms of Section 21 of the Protection of Personal Information Act a responsible party (the party who determines the purpose and means of processing of personal information) must conclude a written contract with an operator (the person who processes personal information for a responsible party) with the aim of ensuring that the operator processes the personal information in terms of a minimum information security safeguards that are statutorily required to be implemented in terms of Section 19 of the Protection of Personal Information Act.

In dealing with the contracts contemplated in terms of section 21 it is essential that the drafters have a good understanding of the information security safeguards that may be required in protecting personal information. It is also necessary to understand that the requirements contained in these agreements cannot be based on a “one size fits all” approach. The nature of the information and the manner of its processing will often require differing approaches to the information security necessary. This task is not one that can be performed by an attorney (who do not have appropriate information security background) or an information security specialist (who do not have the necessary legal and contractual background) in isolation. It is necessary that a multidisciplinary approach be adopted in dealing with the drafting of appropriate contracts that are required by Section 21.

Privacy Online consultants provide both the legal and information security skills necessary to appropriately address this important requirement of the Protection of Personal Information Act.

news
  • 09 October 2018 - 12:11:00
    The 28th September 2018 saw the world celebrate “Right2Know” day. The Information Regulator (Regulator) is to be congratulated on organising a conference to mark the celebration. Several speakers eloquently emphasised the importance of access to information in an open democracy as well as the enforcement of sanctions against those who do not comply with their obligations. The importance of the handing over of the Regulation of the Promotion of Access to Information Act to the Information Regulator was also addressed as the South Human Rights Commission has never enjoyed the enforcement powers granted to the Regulator.

  • 08 August 2018 - 13:41:00
    On the 25th July 2018 as a result of announcements that were made by Facebook relating to its future revenues the market value of Facebook dropped by US$ 148 billion (or R1,95 trillion). This is almost half of South Africa’s total GDP in 2016.

    While there may be several reasons for the decline in Facebook’s revenue which led to the sell-off of shares, one of the three primary factors for the decrease in projected profitability of Facebook is the focus on privacy and security