POPI Act compliance presentation

Published on: Mar 4, 2016
Published in: Business      
Source: www.slideshare.net


Transcripts - POPI Act compliance presentation

  • 1. OVERVIEW OUR APPROACH OUR OFFERINGS CONCLUSION
  • 2. A BACKGROUND ON PRIVACY Olmstead case – basis of our understanding of privacy Important because information has become easily accessible: 46% increase from 2010 Crime committed: – every 3.5 minutes in NYC – every 2.5 minutes in Tokyo – every 3 seconds an identity stolen online Highest number of cybercrime victims worldwide: – 92% RUSSIA – 84% CHINA – 80% SOUTH AFRICA Greater revenue than drug trade Mobile growth sparks increase
  • 3. WHAT IS POPI?
  • 4. WHAT IS POPI? Right to be left alone Enshrined in sect 14 of Constitution Balances right of privacy with other rights, in particular access to information Prescribes minimum processing requirements Provides remedies to abuse of PI Protects free flow of information International harmony
  • 5. DID YOU KNOW: THE PROTECTION OF PERSONAL INFORMATION (POPI) ACT WILL HAVE AN IMPACT ON ALMOST EVERY COMPANY OPERATING IN SA?
  • 6. THE POPI ACT WILL ESTABLISH A CODE OF CONDUCT FOR CONFIDENTIAL HANDLING OF PERSONAL INFORMATION
  • 7. CONDITIONS FOR LAWFUL PROCESSING OF PERSONAL INFORMATION Collection of data (Accountability) Processing limitations Retention & Deletion of data (Purpose Specification) Further Processing of Data Data security (Security Safeguards) Data subject participation Notification (Openness) 8 Information Quality
  • 8. COLLECTION OF DATA Information must be collected directly from the individual Exceptions: – Public records – Consent given to a third party – Law enforcement
  • 9. COLLECTION OF DATA The person must be aware of the purpose for collecting their personal information and give consent There is additional consent needed to store and process data outside of South Africa
  • 10. PROCESSING LIMITATIONS Businesses are not permitted to process personal information of children under 18
  • 11. PROCESSING LIMITATIONS Unless specifically permitted, you are NOT ALLOWED to process information about… Religious or philosophical beliefs
  • 12. PROCESSING LIMITATIONS Unless specifically permitted, you are NOT ALLOWED to process information about… Trade union membership or political opinions
  • 13. PROCESSING LIMITATIONS Unless specifically permitted, you are NOT ALLOWED to process information about… Health, sexual life or biometric details
  • 14. PROCESSING LIMITATIONS Unless specifically permitted, you are NOT ALLOWED to process information about… Race or ethnic origin
  • 15. PROCESSING LIMITATIONS Unless specifically permitted, you are NOT ALLOWED to process information about… Criminal Behaviour
  • 16. RETENTION OF DATA Information must NOT be kept any longer than is necessary for processing
  • 17. DELETION OF INFORMATION Data must be destroyed as soon as possible It must be impossible for data to ever be recovered or reconstructed
  • 18. DATA SECURITY Technical and organisational security measures to prevent data loss or damage, or unlawful access to personal information are essential.
  • 19. DATA SUBJECT PARTICIPATION A person must be able to: Find who has their data Request a copy of all personal information held by an organisation Request amendments or deletion of their data, and receive proof this has been done
  • 20. NOTIFICATION Reasonable steps must be taken to ensure that the data subject is aware of breaches to information Data Subjects must be supplied with information: – How collected – Contact details of Responsible Party – Purpose and Consequences – Laws authorising or requiring collection of information – When the Responsible party intends to send the information to a third party or across international borders, including level of protection – Any further information
  • 21. ENFORCEMENT Official complaint process Punishment up to 10 years imprisonment and/or fine up to R10 million Civil action may also be taken
  • 22. SOME BREACH EXAMPLES
  • 23. EXCEPTIONS Processed for purely personal or household activities De-identified Personal Information Processed for National security defence or public safety Processed in investigating and prosecuting crime Cabinet and EC of Provinces Exemptions granted by Regulator Journalistic purposes
  • 24. OVERVIEW OUR APPROACH OUR OFFERINGS CONCLUSION
  • 25. OUR APPROACH We can help companies define a strategy and roadmap to become compliant with the POPI Act. We provide a complete and holistic execution that interweaves the key areas of PEOPLE PROCESSES TECHNOLOGY
  • 26. PROCESS DIAGRAM Our transformational approach focusing on enablement of people, process and technology. INSIGHT TRANSFORMATION ROADMAP ENABLEMENT • People understanding • Skills and capacity • Process capability • Technology availability and capability Design the business response to ensure effective and efficient compliance Prioritised investment route map based on business and IT considerations in support of defined architecture Current state POPI vision and strategy People education Process compliance Technology capability
  • 27. PROCESS DIAGRAM Our transformational approach focusing on enablement of people, process and technology. INSIGHT TRANSFORMATION ROADMAP ENABLEMENT • People understanding • Skills and capacity • Process capability • Technology availability and capability Design the business response to ensure effective and efficient compliance Prioritised investment route map based on business and IT considerations in support of defined architecture Current state POPI vision and strategy People education Process compliance Technology capability
  • 28. PROCESS DIAGRAM Our transformational approach focusing on enablement of people, process and technology. Current state POPI vision and strategy People education Process compliance Technology capability Status of Enablement Business and compliance risks Business and risk considerations Costs and time considerations Business architecture Information systems architecture Technology architecture People enablement
  • 29. OVERVIEW OUR APPROACH OUR OFFERINGS CONCLUSION
  • 30. STRATEGY POPI Strategy and Implementation Roadmap Business case development
  • 31. TRAINING AND EDUCATION POPI Act and Implications customised for implemented solutions
  • 32. CHANGE & COMMUNICATION Strategy & Planning Development & execution of awareness campaigns
  • 33. DATA Data Audits, Security & Management
  • 34. PROCESS & CONTENT Process Solution Design & Automation Records Management assessment, design & enablement Security policy enablement Content archival solutions Content Governance Document destruction services
  • 35. OVERVIEW OUR APPROACH OUR OFFERINGS CONCLUSION
  • 36. LAWS AFFECTED BY POPI
  • 37. ANY QUESTIONS? THANK YOU FOR TAKING THE TIME TO EDUCATE YOURSELF ON POPI!
