A Synopsis of Proposed Data Protection Legislation in SA

Francis S. Cronjé
KPMG Services (Proprietary) Limited
Parktown, South Africa
francis@cybersmart.co.za

ABSTRACT

Privacy International made the following statement regarding South Africa’s financial sector in its 2005 world survey:

“South Africa has a well-developed financial system and banking infrastructure. Despite the sophistication of the financial sector, the privacy of financial information is weakly regulated by a code of conduct for banks issued by the Banking Council.”

This extract highlights some of the problems South Africa are experiencing with its current status on privacy as viewed from an International perspective. In recent years the International society has stepped up its efforts in creating a global village wherein the individual could be assured of having his/her privacy protected. Various conventions and guidelines have previously laid the foundation for privacy but it was not until the European Union’s (EU) launch of its Directive on Data Protection in 1995 that we have seen a real coerced shift in the focus of such protection. Cross border data transfers from the EU became something of the past unless third countries (those countries outside the EU) could prove the existence of adequate data protection provisions. It seemed to a big extend that international trade would be hampered and some of its biggest trading partners, such as the US, suddenly felt the impact due to its lagging protection measures. In order to curtail such inadequacies, a Safe Harbor Agreement was entered into between the EU and US whereby cross border data flow would be allowed under certain prerequisites. This Agreement however, does not cover Financial Institutions.