Many associations publish a code of conduct (CoC) to which their members must adhere. It is binding on their members and self-regulation in the public interest. There are often good reasons for drafting and publishing a code.

  • Sometimes, it is so that the association is recognised as an industry representative body. For example, one of the reasons ISPA created its code so that it would be recognised by law and therefore enable its members to get limited liability.
  • Another objective could be to set a standard. Or to increase the trust and confidence that the public has in a particular service. For example, if a company says “We are a member of the DMA”, the idea is that the public can rely on the company because it is part of a body (a club) whose members adhere to certain standards.

Why are they worth creating?

  • The primary purpose of a code of conduct is to apply the law in a practical way to an industry or sector.
  • A code can also be a way for a sector, industry or a group of stakeholders to regulate themselves, rather than being regulated by a regulator. For example, like where the Information Regulator issues a code under section 60 of the Protection of Personal Information Act (POPIA). One advantage for any organisation that is a member of the association whose code has been issued, is that they do not need to get the prior authorisation (or notify the Information Regulator) before they process personal information.
  • Codes of conduct help organisations to achieve better data protection compliance in a cost-effective way.
  • They can help an organisation earn customer trust and confidence.
  • They can enable the international transfer of personal information to different countries (cross-border transfers) if someone agrees to adhere to a code and thereby provide appropriate safeguards.

Examples of direct marketing codes of conduct

Some people think that the ICO’s direct marketing code of practice is a code of conduct but it is actually not. It is a statutory code of practice prepared under section 122 of the Data Protection Act 2018. Some people also think the information regulator guidance note on direct marketing is a code but it is just guidance. There aren’t really any direct marketing standards.

Examples of Internet Service Provider Codes of Conduct

Examples of Credit Bureau Codes of Conduct

Other examples

  • BASA code of conduct for the banking industry in South Africa
  • The Association for Savings & Investments SA (ASISA) Codes, Standards and Guidelines
  • The Council for Medical Schemes (CMS) Code of Conduct
  • South African Insurance Association (SAIA) Code of Conduct
  • The Parliament of South Africa‘s Code of Conduct
  • The Federation of African Professional Staffing Organisations (APSO) Codes
  • The Legal Practice Council (LPC) Code of Conduct
  • The Estate Agency Affairs Board (EAAB) Code of Conduct
  • The Universities South Africa POPIA Industry guideline for public universities

Is a CoC binding and enforceable?

Only if you decide to abide by it. All organisations should consider adhering to all applicable codes (see King Code). They do not have to, but if they want to be a member of an association (and receive the benefits associated with that), they must comply with the code of that association. All codes generally include an enforcement mechanism.

What does a code of conduct contain?

The code normally reads like so:

  • Members must do ABC
  • Members should consider XYZ
  • Members may do …, but must not do …

There are also some general matters that must be dealt with:

  1. To whom does it apply
  2. What is its status
  3. How can it be changed
  4. The consequences for members if they do not comply
  5. How people can complain about members

Characteristics of a good code of conduct

Your code must be:

  1. created by an eligible body
  2. outcomes-based and have clear objectives
  3. acceptable to both members and regulators
  4. compatible with other codes and standards
  5. in compliance with all applicable laws and not increase the legal requirements
  6. implementable, have a grace period and be certifiable
  7. enforceable
  8. in plain, clear and understandable language with summaries
  9. beautifully designed and available in multiple formats (including pdf and html)
  10. adaptable by including a clear mechanism for updates

A code should be:

  • short and to the point
  • well structured
  • consistent
  • clear on what conduct is permitted and what is not
  • specific, relevant and applicable to the members

The ISPA Code of Conduct is a reasonably good example. There are however many horrible codes that do not meet these criteria.

Sometimes authorities or regulators issue guidelines on drafting codes of conduct.

How we can help

If you are an industry body, as experts on legal documents we can help you:

  • review and update your existing code
  • update your code to bring it in line with the latest law (like the GDPR, PECR or POPIA)
  • draft a new code for you, including workshopping and formulating the content
  • get your code issued by a regulator or authority
  • present it to your members
  • train your members on complying with it
  • to respond if you are accused of not complying

If you are a member, we can help you:

  • comment on a code of an association you belong to is suggesting
  • help you to comply with a code of conduct
  • respond if you are accused of not complying

Useful resources