Supreme Court Act, 1959
R 385
Protection of Personal Information Act, 2013 (Act No. 4 of 2013)Chapter 11 : Offences, Penalties and Administrative Fines109. Administrative fines |
(1) | If a responsible party is alleged to have committed an offence in terms of this Act, the Regulator may cause to be delivered by hand to that person (hereinafter referred to as the infringer) an infringement notice which must contain the particulars contemplated in subsection (2). |
(2) | A notice referred to in subsection (1) must— |
(a) | specify the name and address of the infringer; |
(b) | specify the particulars of the alleged offence; |
(c) | specify the amount of the administrative fine payable, which amount may, subject to subsection (10), not exceed R10 million; |
(d) | inform the infringer that, not later than 30 days after the date of service of the infringement notice, the infringer may— |
(i) | pay the administrative fine; |
(ii) | make arrangements with the Regulator to pay the administrative fine in instalments; or |
(iii) | elect to be tried in court on a charge of having committed the alleged offence referred to in terms of this Act; and |
(e) | state that a failure to comply with the requirements of the notice within the time permitted, will result in the administrative fine becoming recoverable as contemplated in subsection (5). |
(3) | When determining an appropriate fine, the Regulator must consider the following factors: |
(a) | The nature of the personal information involved; |
(b) | the duration and extent of the contravention; |
(c) | the number of data subjects affected or potentially affected by the contravention; |
(d) | whether or not the contravention raises an issue of public importance; |
(e) | the likelihood of substantial damage or distress, including injury to feelings or anxiety suffered by data subjects; |
(f) | whether the responsible party or a third party could have prevented the contravention from occurring; |
(g) | any failure to carry out a risk assessment or a failure to operate good policies, procedures and practices to protect personal information; and |
(h) | whether the responsible party has previously committed an offence in terms of this Act. |
(4) | If an infringer elects to be tried in court on a charge of having committed the alleged offence in terms of this Act, the Regulator must hand the matter over to the South African Police Service and inform the infringer accordingly. |
(5) | If an infringer fails to comply with the requirements of a notice, the Regulator may file with the clerk or registrar of any competent court a statement certified by it as correct, setting forth the amount of the administrative fine payable by the infringer, and such statement thereupon has all the effects of a civil judgment lawfully given in that court in favour of the Regulator for a liquid debt in the amount specified in the statement. |
(6) | The Regulator may not impose an administrative fine contemplated in this section if the responsible party concerned has been charged with an offence in terms of this Act in respect of the same set of facts. |
(7) | No prosecution may be instituted against a responsible party if the responsible party concerned has paid an administrative fine in terms of this section in respect of the same set of facts. |
(8) | An administrative fine imposed in terms of this section does not constitute a previous conviction as contemplated in Chapter 27 of the Criminal Procedure Act, 1977 (Act No. 51 of 1977). |
(9) | A fine payable in terms of this section must be paid into the National Revenue Fund referred to in section 213 of the Constitution. |
(10) | The Minister may, from time to time and after consultation with the Regulator, by notice in the Gazette, adjust the amount referred to in subsection (2)(c) in accordance with the average of the consumer price index, as published from time to time in the Gazette, for the immediately preceding period of 12 months multiplied by the number of years that the amount referred to in subsection (2)(c) has remained the same. |