Reproduced by Sabinet Online in terms of Government Printer’s Copyright Authority No. 10505 dated 02 February 1998
36
No. 37067
GOVERNMENT GAZETTE, 26 November 2013
Act No. 4 of 2013
Protection of Personal Information Act, 2013
information, if the Regulator has reasonable grounds to believe that such publicity
would protect a data subject who may be affected by the compromise.
Condition 8
Data subject participation
Access to personal information
23. (1) A data subject, having provided adequate proof of identity, has the right to—
(a) request a responsible party to confirm, free of charge, whether or not the
responsible party holds personal information about the data subject; and
(b) request from a responsible party the record or a description of the personal
information about the data subject held by the responsible party, including
information about the identity of all third parties, or categories of third parties,
who have, or have had, access to the information—
(i) within a reasonable time;
(ii) at a prescribed fee, if any;
(iii) in a reasonable manner and format; and
(iv) in a form that is generally understandable.
(2) If, in response to a request in terms of subsection (1), personal information is
communicated to a data subject, the data subject must be advised of the right in terms of
section 24 to request the correction of information.
(3) If a data subject is required by a responsible party to pay a fee for services
provided to the data subject in terms of subsection (1)(b) to enable the responsible party
to respond to a request, the responsible party—
(a) must give the applicant a written estimate of the fee before providing the
services; and
(b) may require the applicant to pay a deposit for all or part of the fee.
(4) (a) A responsible party may or must refuse, as the case may be, to disclose any
information requested in terms of subsection (1) to which the grounds for refusal of
access to records set out in the applicable sections of Chapter 4 of Part 2 and Chapter 4
of Part 3 of the Promotion of Access to Information Act apply.
(b) The provisions of sections 30 and 61 of the Promotion of Access to Information
Act are applicable in respect of access to health or other records.
(5) If a request for access to personal information is made to a responsible party and
part of that information may or must be refused in terms of subsection (4)(a), every other
part must be disclosed.
Correction of personal information
24. (1) A data subject may, in the prescribed manner, request a responsible party to—
(a) correct or delete personal information about the data subject in its possession
or under its control that is inaccurate, irrelevant, excessive, out of date,
incomplete, misleading or obtained unlawfully; or
(b) destroy or delete a record of personal information about the data subject that
the responsible party is no longer authorised to retain in terms of section 14.
(2) On receipt of a request in terms of subsection (1) a responsible party must, as soon
as reasonably practicable—
(a) correct the information;
(b) destroy or delete the information;
(c) provide the data subject, to his or her satisfaction, with credible evidence in
support of the information; or