The Data Protection Bill, 2012
PART II—OBJECTS AND PERSONAL INFORMATION
PROTECTION PRINCIPLES
3. The objects of this Act include to—
Objects of this Act.
(a) give effect to the right of every person to privacy as
provided under Article 31 (c) and (d) of the Constitution;
(b) protect a person’s right to privacy for their personal data
with regard to their private and family life subject to this
Act; and
(c) safeguard personal data from use or disclosure which is not
in the interest of the data subject except in terms of this
Act.
Principles of data
protection.
4. The following principles of data protection shall guide the
application and interpretation of this Act —
(a) information is collected or stored if it is necessary for or
directly related to a lawful, explicitly defined purpose
and does not intrude upon the privacy of the data
subject to an unreasonable extent;
(b) information is collected directly from and with the
consent of the data subject;
(c) data subject is informed of the purpose of any
collection of information and of the intended recipients
of the information, at the time of collection;
(d) information is not kept for any longer than is necessary
for achieving the purpose for which it was collected;
(e) information is not distributed in a way incompatible
with the purpose for which is was collected that is with
direct consent and subject to any notification that would
attract objection;
(f) reasonable steps are taken to ensure that the information
processed is accurate, up to date and complete;
(g) appropriate technical and organizational measures are
taken to safeguard the data subject against the risk of
loss, damage, destruction of or unauthorized access to
6