POPI Act compliance presentation


Upload: ovationsgroup

Post on 16-Apr-2017


TRANSCRIPT

Page 1: POPI Act compliance presentation
Page 2: POPI Act compliance presentation

• OVERVIEW
• OUR APPROACH
• OUR OFFERINGS
• CONCLUSION

Page 3: POPI Act compliance presentation

A BACKGROUND ON PRIVACY

• Olmstead case – basis of our understanding of privacy
• Important because information has become easily accessible:
• 46% increase from 2010
• Crime committed:
– every 3.5 minutes in NYC
– every 2.5 minutes in Tokyo
– every 3 seconds an identity stolen online
• Highest number of cybercrime victims worldwide:
– 92% RUSSIA
– 84% CHINA
– 80% SOUTH AFRICA
• Greater revenue than drug trade
• Mobile growth sparks increase

Page 4: POPI Act compliance presentation

WHAT IS POPI?

Page 5: POPI Act compliance presentation

WHAT IS POPI?

• Right to be left alone
• Enshrined in sect 14 of Constitution
• Balances right of privacy with other rights, in particular access to information
• Prescribes minimum processing requirements
• Provides remedies to abuse of PI
• Protects free flow of information
• International harmony

Page 6: POPI Act compliance presentation

DID YOU KNOW:

THE PROTECTION OF PERSONAL INFORMATION (POPI) ACT WILL HAVE AN IMPACT ON ALMOST EVERY COMPANY OPERATING IN SA?

Page 7: POPI Act compliance presentation

THE POPI ACT WILL

ESTABLISH A CODE OF CONDUCT FOR CONFIDENTIAL HANDLING OF PERSONAL INFORMATION

Page 8: POPI Act compliance presentation

CONDITIONS FOR LAWFUL PROCESSING OF PERSONAL INFORMATION

• Collection of data (Accountability)
• Processing limitations
• Retention & Deletion of data (Purpose Specification)
• Further Processing of Data
• Data security (Security Safeguards)
• Data subject participation
• Notification (Openness)
• Information Quality

Page 9: POPI Act compliance presentation

COLLECTION OF DATA

• Information must be collected directly from the individual
• Exceptions:
– Public records
– Consent given to a third party
– Law enforcement

Page 10: POPI Act compliance presentation

COLLECTION OF DATA

• The person must be aware of the purpose for collecting their personal information and give consent
• There is additional consent needed to store and process data outside of South Africa

Page 11: POPI Act compliance presentation

PROCESSING LIMITATIONS

Businesses are not permitted to process personal information of children under 18

Page 12: POPI Act compliance presentation

PROCESSING LIMITATIONS

Unless specifically permitted, you are NOT ALLOWED to process information about…

Religious or philosophical beliefs

Page 13: POPI Act compliance presentation

PROCESSING LIMITATIONS

Unless specifically permitted, you are NOT ALLOWED to process information about…

Trade union membership or political opinions

Page 14: POPI Act compliance presentation

PROCESSING LIMITATIONS

Unless specifically permitted, you are NOT ALLOWED to process information about…

Health, sexual life or biometric details

Page 15: POPI Act compliance presentation

PROCESSING LIMITATIONS

Unless specifically permitted, you are NOT ALLOWED to process information about…

Race or ethnic origin

Page 16: POPI Act compliance presentation

PROCESSING LIMITATIONS

Unless specifically permitted, you are NOT ALLOWED to process information about…

Criminal Behaviour

Page 17: POPI Act compliance presentation

RETENTION OF DATA

Information must NOT be kept any longer than is necessary for processing

Page 18: POPI Act compliance presentation

DELETION OF INFORMATION

• Data must be destroyed as soon as possible
• It must be impossible for data to ever be recovered or reconstructed

Page 19: POPI Act compliance presentation

DATA SECURITY

Technical and organisational security measures to prevent data loss or damage, or unlawful access to personal information are essential.

Page 20: POPI Act compliance presentation

DATA SUBJECT PARTICIPATION

A person must be able to:
• Find who has their data
• Request a copy of all personal information held by an organisation
• Request amendments or deletion of their data, and receive proof this has been done

Page 21: POPI Act compliance presentation

NOTIFICATION

• Reasonable steps must be taken to ensure that the data subject is aware of breaches to information
• Data Subjects must be supplied with information:
– How collected
– Contact details of Responsible Party
– Purpose and Consequences
– Laws authorising or requiring collection of information
– When the Responsible party intends to send the information to a third party or across international borders, including level of protection
– Any further information

Page 22: POPI Act compliance presentation

ENFORCEMENT

• Official complaint process
• Punishment up to 10 years imprisonment and/or fine up to R10 million
• Civil action may also be taken

Page 23: POPI Act compliance presentation

SOME BREACH EXAMPLES

Page 24: POPI Act compliance presentation

EXCEPTIONS

• Processed for purely personal or household activities
• De-identified Personal Information
• Processed for National security defence or public safety
• Processed in investigating and prosecuting crime
• Cabinet and EC of Provinces
• Exemptions granted by Regulator
• Journalistic purposes

Page 25: POPI Act compliance presentation

• OVERVIEW
• OUR APPROACH
• OUR OFFERINGS
• CONCLUSION

Page 26: POPI Act compliance presentation

OUR APPROACH

We can help companies define a strategy and roadmap to become compliant with the POPI Act. We provide a complete and holistic execution that interweaves the key areas of PEOPLE, PROCESSES and TECHNOLOGY

Page 27: POPI Act compliance presentation

PROCESS DIAGRAM

Our transformational approach focusing on enablement of people, process and technology.

INSIGHT, TRANSFORMATION, ROADMAP, ENABLEMENT

• People understanding
• Skills and capacity
• Process capability
• Technology availability and capability

Design the business response to ensure effective and efficient compliance

Prioritised investment route map based on business and IT considerations in support of defined architecture

Current state

POPI vision and strategy

• People education
• Process compliance
• Technology capability

Page 29: POPI Act compliance presentation

PROCESS DIAGRAM

Our transformational approach focusing on enablement of people, process and technology.

Current state

POPI vision and strategy

• People education
• Process compliance
• Technology capability

Status of Enablement

Business and compliance risks

Business and risk considerations

Costs and time considerations

Business architecture

Information systems architecture

Technology architecture

People enablement

Page 30: POPI Act compliance presentation

• OVERVIEW
• OUR APPROACH
• OUR OFFERINGS
• CONCLUSION

Page 31: POPI Act compliance presentation

STRATEGY

• POPI Strategy and Implementation Roadmap
• Business case development

Page 32: POPI Act compliance presentation

TRAINING AND EDUCATION

POPI Act and Implications customised for implemented solutions

Page 33: POPI Act compliance presentation

CHANGE & COMMUNICATION

• Strategy & Planning
• Development & execution of awareness campaigns

Page 34: POPI Act compliance presentation

DATA

Data Audits, Security & Management

Page 35: POPI Act compliance presentation

PROCESS & CONTENT

• Process Solution Design & Automation
• Records Management assessment, design & enablement
• Security policy enablement
• Content archival solutions
• Content Governance
• Document destruction services

Page 36: POPI Act compliance presentation

• OVERVIEW
• OUR APPROACH
• OUR OFFERINGS
• CONCLUSION

Page 37: POPI Act compliance presentation

LAWS AFFECTED BY POPI

Page 38: POPI Act compliance presentation

ANY QUESTIONS?

THANK YOU FOR TAKING THE TIME TO EDUCATE YOURSELF ON POPI!