POPI Act compliance presentation
OVERVIEW
OUR APPROACH
OUR OFFERINGS
CONCLUSION
A BACKGROUND ON PRIVACY
Olmstead case – basis of our understanding of privacy
Important because information has become easily accessible:
46% increase from 2010
Crime committed:
– every 3.5 minutes in NYC
– every 2.5 minutes in Tokyo
– every 3 seconds an identity stolen online
Highest number of cybercrime victims worldwide:
– 92% RUSSIA
– 84% CHINA
– 80% SOUTH AFRICA
Greater revenue than drug trade
Mobile growth sparks increase
WHAT IS POPI?
Right to be left alone
Enshrined in sect 14 of Constitution
Balances right of privacy with other rights, in particular access to information
Prescribes minimum processing requirements
Provides remedies to abuse of PI
Protects free flow of information
International harmony
DID YOU KNOW:
THE PROTECTION OF PERSONAL INFORMATION (POPI) ACT WILL HAVE AN IMPACT ON ALMOST EVERY COMPANY OPERATING IN SA?
THE POPI ACT WILL ESTABLISH A CODE OF CONDUCT FOR CONFIDENTIAL HANDLING OF PERSONAL INFORMATION
CONDITIONS FOR LAWFUL PROCESSING OF PERSONAL INFORMATION
Collection of data (Accountability)
Processing limitations
Retention & Deletion of data (Purpose Specification)
Further Processing of Data
Data security (Security Safeguards)
Data subject participation
Notification (Openness)
Information Quality
COLLECTION OF DATA
Information must be collected directly from the individual
Exceptions:
– Public records
– Consent given to a third party
– Law enforcement
The person must be aware of the purpose for collecting their personal information and give consent
There is additional consent needed to store and process data outside of South Africa
PROCESSING LIMITATIONS
Businesses are not permitted to process personal information of children under 18
Unless specifically permitted, you are NOT ALLOWED to process information about…
– Religious or philosophical beliefs
– Trade union membership or political opinions
– Health, sexual life or biometric details
– Race or ethnic origin
– Criminal behaviour
RETENTION OF DATA
Information must NOT be kept any longer than is necessary for processing
DELETION OF INFORMATION
Data must be destroyed as soon as possible
It must be impossible for data to ever be recovered or reconstructed
DATA SECURITY
Technical and organisational security measures to prevent data loss or damage, or unlawful access to personal information are essential.
DATA SUBJECT PARTICIPATION
A person must be able to:
– Find who has their data
– Request a copy of all personal information held by an organisation
– Request amendments or deletion of their data, and receive proof this has been done
NOTIFICATION
Reasonable steps must be taken to ensure that the data subject is aware of breaches to information
Data Subjects must be supplied with information:
– How collected
– Contact details of Responsible Party
– Purpose and Consequences
– Laws authorising or requiring collection of information
– When the Responsible Party intends to send the information to a third party or across international borders, including level of protection
– Any further information
ENFORCEMENT
Official complaint process
Punishment up to 10 years imprisonment and/or fine up to R10 million
Civil action may also be taken
SOME BREACH EXAMPLES
EXCEPTIONS
Processed for purely personal or household activities
De-identified Personal Information
Processed for national security, defence or public safety
Processed in investigating and prosecuting crime
Cabinet and EC of Provinces
Exemptions granted by Regulator
Journalistic purposes
OUR APPROACH
We can help companies define a strategy and roadmap to become compliant with the POPI Act. We provide a complete and holistic execution that interweaves the key areas of PEOPLE, PROCESSES and TECHNOLOGY.
PROCESS DIAGRAM
Our transformational approach focusing on enablement of people, process and technology.
INSIGHT / TRANSFORMATION / ROADMAP / ENABLEMENT
• People understanding
• Skills and capacity
• Process capability
• Technology availability and capability
Design the business response to ensure effective and efficient compliance
Prioritised investment route map based on business and IT considerations in support of defined architecture
Current state
POPI vision and strategy
People education
Process compliance
Technology capability
Status of Enablement
Business and compliance risks
Business and risk considerations
Costs and time considerations
Business architecture
Information systems architecture
Technology architecture
People enablement
STRATEGY
POPI Strategy and Implementation Roadmap
Business case development
TRAINING AND EDUCATION
POPI Act and Implications customised for implemented solutions
CHANGE & COMMUNICATION
Strategy & Planning
Development & execution of awareness campaigns
DATA
Data Audits, Security & Management
PROCESS & CONTENT
Process Solution Design & Automation
Records Management assessment, design & enablement
Security policy enablement
Content archival solutions
Content Governance
Document destruction services
LAWS AFFECTED BY POPI
ANY QUESTIONS?
THANK YOU FOR TAKING THE TIME TO EDUCATE YOURSELF ON POPI!