Draft standards on address data

1. The Protection of Personal Information Act 4 of 2013 (“POPIA“) has a wide application especially if one considers the definition of personal information which is defined in broad terms as “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person”, which would include a physical address.

2. However, while POPIA is the primary source of rights and obligations in respect of personal information, POPIA cannot stand in isolation. The broader legislative landscape should be considered also when it comes to POPIA. In this regard, section 3(2) of POPIA provides that –

“(a) This Act applies, subject to paragraph (b), to the exclusion of any provision of any other legislation that regulates the processing of personal information and that is materially inconsistent with an object, or a specific provision, of this Act; and

(b) If any other legislation provides for conditions for the lawful processing of personal information that are more extensive than those set out in Chapter 3, the extensive conditions prevail.“

3. Accordingly, where other legislation imposes more extensive obligations, those obligations prevail over POPIA.

4. POPIA does not provide further details regarding the full import and meaning of physical addresses other than referring to it in terms of section 1 and specifically in the definition of personal information.

5. On 13 August 2021, the South African Bureau of Standards (“SABS“) issued various sets of standards for public comment. Of specific importance is the standard titled SANS 19160-3 Ed 1 – Addressing – Part 3: Address data quality. Establishes a set of data quality elements and measures for describing the quality of address data (“draft standard“).

The draft standard on address data

6. This draft standard recognises that addresses provide one of the most common ways to unambiguously determine an object for purposes of identification and location and yet they can vary considerably from country to country. Furthermore, that addresses serve many purposes including, inter alia, postal delivery, emergency response, marketing, mapping and land administration.

7. The wide range of uses for addresses as well as the need to share and aggregate address data necessitate a consistent framework for measuring and reporting the quality of address data. Consequently, the goal of the draft standard is to provide address data managers, address data aggregators and address data users with a consistent framework regarding the use of address data.

8. The draft standard sets out to achieve this by –

8.1 establishing a set of data quality elements and measures for describing the quality of address data;

8.2 describing procedures for reporting address data quality; and

8.3 providing guidelines for the use of the established data quality elements and measures for describing the quality of address data.

The mandate of the SABS to publish standards

9. The SABS has been established under the Standards Act 8 of 2008 (“Standards Act“). The mandate of the SABS is derived from section 23 of the Standards Act which posits, inter alia, that the SABS must, through a national consensus-building process, develop and maintain a national norm for the development of South African National Standards (“SANS“).

10. Furthermore, the national norm must detail a process for the development and amendment of SANS which ensures that as far as possible –[1]

10.1 the latest technological developments are considered;

10.2 the interests of all parties concerned, including manufacturers, suppliers and consumers are considered;

10.3 such SANS are harmonised with international standards if applicable; and

10.4 there has been an appropriate national consensus-building process in developing such SANS.

11. In pursuance of its mandate, the SABS develops and maintains SANS through National Technical Committees. These technical committees are a representative sample of the industry in which the standardisation activities are carried out.

12. In this light, it is therefore crucial for the public to be involved in the activities of the standards development to ensure, inter alia, that the final output represents the views of the entire South African community.

Impact of the draft standards from a POPIA perspective

13. When one considers POPIA, other legislative dictates should also be taken into consideration to the extent that they can provide clarification or guidance for purposes of interpreting POPIA and, in the current instance, specifically which factors constitute a physical address.

14. In the current instance, it is clear that the draft standard provides for further clarity regarding physical address data and what it entails.

15. The closing date for public comment on the draft standard is on 28 September 2021.

[1] See section 23(2) of the Standards Act.

Read more about POPIA: A Guide to the Protection of Personal Information Act of South Africa.

by Ahmore Burger-Smidt, Director and Head of Data Privacy and Cybercrime Practice and member of Competition Law Practice; and Dale Adams, Associate