Acts Online
GT Shield

Protection of Personal Information Act, 2013 (Act No. 4 of 2013)

Chapter 1 : Definitions and Purpose

1. Definitions

 

 

In this Act, unless the context indicates otherwise—

 

"biometrics"

means a technique of personal identification that is based on physical, physiological or behavioural characterisation including blood typing, fingerprinting, DNA analysis, retinal scanning and voice recognition;

 

"child"

means a natural person under the age of 18 years who is not legally competent, without the assistance of a competent person, to take any action or decision in respect of any matter concerning him- or herself;

 

"code of conduct"

means a code of conduct issued in terms of Chapter 7;

 

"competent person"

means any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a child;

 

"consent"

means any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information;

 

"Constitution"

means the Constitution of the Republic of South Africa, 1996;

 

"data subject"

means the person to whom personal information relates;

 

"de-identify"

in relation to personal information of a data subject, means to delete any information that—

(a) identifies the data subject;
(b) can be used or manipulated by a reasonably foreseeable method to identify the data subject; or
(c) can be linked by a reasonably foreseeable method to other information that identifies the data subject,

and "de-identified" has a corresponding meaning;

 

"direct marketing"

means to approach a data subject, either in person or by mail or electronic communication, for the direct or indirect purpose of—

(a) promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject; or
(b) requesting the data subject to make a donation of any kind for any reason;

 

"electronic communication"

means any text, voice, sound or image message sent over an electronic communications network which is stored in the network or in the recipient’s terminal equipment until it is collected by the recipient;

 

"enforcement notice"

means a notice issued in terms of section 95;

 

"filing system"

means any structured set of personal information, whether centralised, decentralised or dispersed on a functional or geographical basis, which is accessible according to specific criteria;

 

"information matching programme"

means the comparison, whether manually or by means of any electronic or other device, of any document that contains personal information about ten or more data subjects with one or more documents that contain personal information of ten or more data subjects, for the purpose of producing or verifying information that may be used for the purpose of taking any action in regard to an identifiable data subject;

 

"information officer"

of, or in relation to, a—

(a) public body means an information officer or deputy information officer as contemplated in terms of section 1 or 17; or
(b) private body means the head of a private body as contemplated in section 1, of the Promotion of Access to Information Act;

 

"Minister"

means the Cabinet member responsible for the administration of justice;

 

"operator"

means a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party;

 

"person"

means a natural person or a juristic person;

 

"personal information"

means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—

(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
(b) information relating to the education or the medical, financial, criminal or employment history of the person;
(c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
(d) the biometric information of the person;
(e) the personal opinions, views or preferences of the person;
(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
(g) the views or opinions of another individual about the person; and
(h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;

 

"prescribed"

means prescribed by regulation or by a code of conduct;

 

"private body"

means—

(a) a natural person who carries or has carried on any trade, business or profession, but only in such capacity;
(b) a partnership which carries or has carried on any trade, business or profession;  or
(c) any former or existing juristic person, but excludes a public body;

 

"processing"

means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including—

(a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
(b) dissemination by means of transmission, distribution or making available in any other form; or
(c) merging, linking, as well as restriction, degradation, erasure or destruction of information;

 

"professional legal adviser"

means any legally qualified person, whether in private practice or not, who lawfully provides a client, at his or her or its request, with independent, confidential legal advice;

 

"Promotion of Access to Information Act"

means the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000);

 

"public body"

means—

(a) any department of state or administration in the national or provincial sphere of government or any municipality in the local sphere of government; or
(b) any other functionary or institution when—
(i) exercising a power or performing a duty in terms of the Constitution or a provincial constitution; or
(ii) exercising a public power or performing a public function in terms of any legislation;

 

"public record"

means a record that is accessible in the public domain and which is in the possession of or under the control of a public body, whether or not it was created by that public body;

 

"record"

means any recorded information—

(a) regardless of form or medium, including any of the following:
(i) Writing on any material;
(ii) information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;
(iii) label, marking or other writing that identifies or describes any thing of which it forms part, or to which it is attached by any means;
(iv) book, map, plan, graph or drawing;
(v) photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced;
(b) in the possession or under the control of a responsible party;
(c) whether or not it was created by a responsible party; and
(d) regardless of when it came into existence;

 

"Regulator"

means the Information Regulator established in terms of section 39;

 

"re-identify"

in relation to personal information of a data subject, means to resurrect any information that has been de-identified, that—

(a) identifies the data subject;
(b) can be used or manipulated by a reasonably foreseeable method to identify the data subject; or
(c) can be linked by a reasonably foreseeable method to other information that identifies the data subject,

and "re-identified" has a corresponding meaning;

 

"Republic"

means the Republic of South Africa;

 

"responsible party"

means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information;

 

"restriction"

means to withhold from circulation, use or publication any personal information that forms part of a filing system, but not to delete or destroy such information;

 

"special personal information"

means personal information as referred to in section 26;

 

"this Act"

includes any regulation or code of conduct made under this Act; and

 

"unique identifier"

means any identifier that is assigned to a data subject and is used by a responsible party for the purposes of the operations of that responsible party and that uniquely identifies that data subject in relation to that responsible party.