On 24 June 2022, the Information Regulator of South Africa (Information Regulator) published a notice in terms of section 61(2) of the Protection of Personal Information Act 4 of 2013 (POPIA) that it is in receipt of a code of conduct from the Banking Association of South Africa (BASA) that deals with how personal information will be processed in the banking sector.

The above recent notice is a carbon copy of the notice that was published on 11 June 2021 and also issued under section 61(2) of POPIA inviting affected persons to provide comments to the code of conduct.[1]

Have there been any changes to the code of conduct in the interim? No.

We have previously written on the full extent and expanse of the code of conduct, and note that the code outlines the appropriate practices to be followed by members of BASA for the lawful processing of personal information in terms of POPIA.

Whether by choice or necessity, most South African citizens have a bank account or perform financial transactions with banks. The activities range from online shopping to payment of their monthly bills and bank and credit union account management. All these activities involve huge chunks of personal information and often sensitive information.

Accordingly, the code of conduct serves as a significant undertaking by BASA and its members on how the processing of personal information will comply with POPIA. The notice invites affected persons to provide comments to the code of conduct on or before 14 July 2022.

[1] See the notice issued by the Information Regulator on 11 June 2021, accessed on 30 June 2022.