Information Regulator Seeks Input on Draft POPIA Regulations for Health and Sex Life Data

Posted 26 September 2025 Written by Acts Online
Category POPIA

Brought to you by SA Legal Academy: The Information Regulator has invited public comment on draft regulations intended to govern the processing of special personal information under the Protection of Personal Information Act, No. 4 of 2013 (POPIA).

In terms of the Protection of Personal Information Act, No. 4 of 2013, the Information Regulator has issued a call for input on draft regulations specifically addressing the processing of data concerning a data subject’s health or sex life. Stakeholders and interested parties have until 10 October 2025 to submit their comments on the proposed regulatory framework.

Once finalised, these regulations will establish mandatory standards for various entities that handle sensitive health-related data. The scope of the draft regulations extends to the following sectors and entities:

  • Insurance companies;
  • Pension funds;
  • Medical schemes;
  • Managed healthcare organisations; and
  • All associated administrative bodies, institutions, and personnel.

The proposed regulations are designed to provide clarity on the conditions under which such special personal information may be processed, ensuring alignment with the privacy protections mandated by POPIA while facilitating necessary administrative and healthcare functions. The Information Regulator aims to address specific regulatory gaps regarding the access and security of sensitive health data within the financial and medical services industries.

What this means for you, your business, or your clients

  • For yourself: Ensure your professional understanding of ‘special personal information’ categories is updated to include the specific compliance nuances for health and sex life data as defined in the draft regulations.
  • For your business: Review existing data processing agreements and internal privacy policies to identify gaps between current practices and the proposed regulatory requirements for health-related data before the 10 October 2025 deadline.
  • For your clients: Advise clients in the insurance, pension, and healthcare sectors to conduct a data audit to determine if their current processing of health or sex life data meets the heightened security and consent standards outlined in the draft regulations.

Originally published at https://legalacademy.co.za/news/read/popia-input-sought-on-health-sex-life-data-access-regulatory-proposals

The views expressed herein are those of the author and do not necessarily reflect those of Acts Online. Acts Online accepts no responsibility for the accuracy, completeness or fairness of the article, nor does the information contained herein constitute advice, legal or otherwise.