Section 21 (responsible party and operator) agreements

In terms of Section 21 of the Protection of Personal Information Act a responsible party (the party who determines the purpose and means of processing of personal information) must conclude a written contract with an operator (the person who processes personal information for a responsible party) with the aim of ensuring that the operator processes the personal information in terms of a minimum information security safeguards that are statutorily required to be implemented in terms of Section 19 of the Protection of Personal Information Act.

In dealing with the contracts contemplated in terms of section 21 it is essential that the drafters have a good understanding of the information security safeguards that may be required in protecting personal information. It is also necessary to understand that the requirements contained in these agreements cannot be based on a “one size fits all” approach. The nature of the information and the manner of its processing will often require differing approaches to the information security necessary. This task is not one that can be performed by an attorney (who do not have appropriate information security background) or an information security specialist (who do not have the necessary legal and contractual background) in isolation. It is necessary that a multidisciplinary approach be adopted in dealing with the drafting of appropriate contracts that are required by Section 21.

Privacy Online consultants provide both the legal and information security skills necessary to appropriately address this important requirement of the Protection of Personal Information Act.

  • 08 August 2018 - 13:41:00
    On the 25th July 2018 as a result of announcements that were made by Facebook relating to its future revenues the market value of Facebook dropped by US$ 148 billion (or R1,95 trillion). This is almost half of South Africa’s total GDP in 2016.

    While there may be several reasons for the decline in Facebook’s revenue which led to the sell-off of shares, one of the three primary factors for the decrease in projected profitability of Facebook is the focus on privacy and security

  • 08 August 2018 - 13:36:00
    As I wrote in a previous article, South Africa according to the PWC Global economic crime and fraud survey of 2018 suffers the second highest number of cybercrimes of all the countries in the world. While I have no statistics to support this I would suggest that internet banking fraud must rank as one of the primary attack vectors for cybercriminals.

    The Ombudsman for Banking Services of South Africa (Ombud) reported that for the first time in 2017 internet banking fraud was the category of crime that was most prevalent of the disputes that the Ombud has been requested to deal with. No less than 1377 internet banking complaints were closed by the Ombud in 2017. It is clear that significantly more citizens are victims of internet banking fraud as not all of the matters have been referred to the Ombud.