POPI Act compliance presentation

Published on March 12, 2014

Author: OvationsGroup

Source: slideshare.net

OVERVIEW | OUR APPROACH | OUR OFFERINGS | CONCLUSION

A BACKGROUND ON PRIVACY
Olmstead case – basis of our understanding of privacy
Important because information has become easily accessible: 46% increase from 2010
Crime committed:
– every 3.5 minutes in NYC
– every 2.5 minutes in Tokyo
– every 3 seconds an identity stolen online
Highest number of cybercrime victims worldwide:
– 92% RUSSIA
– 84% CHINA
– 80% SOUTH AFRICA
Greater revenue than drug trade
Mobile growth sparks increase

WHAT IS POPI?
Right to be left alone
Enshrined in sect 14 of Constitution
Balances right of privacy with other rights, in particular access to information
Prescribes minimum processing requirements
Provides remedies to abuse of PI
Protects free flow of information
International harmony

DID YOU KNOW: THE PROTECTION OF PERSONAL INFORMATION (POPI) ACT WILL HAVE AN IMPACT ON ALMOST EVERY COMPANY OPERATING IN SA?

THE POPI ACT WILL ESTABLISH A CODE OF CONDUCT FOR CONFIDENTIAL HANDLING OF PERSONAL INFORMATION

CONDITIONS FOR LAWFUL PROCESSING OF PERSONAL INFORMATION
– Collection of data (Accountability)
– Processing limitations
– Retention & Deletion of data (Purpose Specification)
– Further Processing of Data
– Data security (Security Safeguards)
– Data subject participation
– Notification (Openness)
– Information Quality

COLLECTION OF DATA
Information must be collected directly from the individual
Exceptions:
– Public records
– Consent given to a third party
– Law enforcement
The person must be aware of the purpose for collecting their personal information and give consent
There is additional consent needed to store and process data outside of South Africa

PROCESSING LIMITATIONS
Businesses are not permitted to process personal information of children under 18
Unless specifically permitted, you are NOT ALLOWED to process information about…
– Religious or philosophical beliefs
– Trade union membership or political opinions
– Health, sexual life or biometric details
– Race or ethnic origin
– Criminal Behaviour

RETENTION OF DATA
Information must NOT be kept any longer than is necessary for processing

DELETION OF INFORMATION
Data must be destroyed as soon as possible
It must be impossible for data to ever be recovered or reconstructed

DATA SECURITY
Technical and organisational security measures to prevent data loss or damage, or unlawful access to personal information are essential.

DATA SUBJECT PARTICIPATION
A person must be able to:
– Find who has their data
– Request a copy of all personal information held by an organisation
– Request amendments or deletion of their data, and receive proof this has been done

NOTIFICATION
Reasonable steps must be taken to ensure that the data subject is aware of breaches to information
Data Subjects must be supplied with information:
– How collected
– Contact details of Responsible Party
– Purpose and Consequences
– Laws authorising or requiring collection of information
– When the Responsible party intends to send the information to a third party or across international borders, including level of protection
– Any further information

ENFORCEMENT
Official complaint process
Punishment up to 10 years imprisonment and/or fine up to R10 million
Civil action may also be taken

SOME BREACH EXAMPLES

EXCEPTIONS
– Processed for purely personal or household activities
– De-identified Personal Information
– Processed for National security defence or public safety
– Processed in investigating and prosecuting crime
– Cabinet and EC of Provinces
– Exemptions granted by Regulator
– Journalistic purposes

OUR APPROACH
We can help companies define a strategy and roadmap to become compliant with the POPI Act.
We provide a complete and holistic execution that interweaves the key areas of PEOPLE, PROCESSES and TECHNOLOGY.

PROCESS DIAGRAM
Our transformational approach focusing on enablement of people, process and technology.
INSIGHT | TRANSFORMATION | ROADMAP | ENABLEMENT
• People understanding
• Skills and capacity
• Process capability
• Technology availability and capability
Design the business response to ensure effective and efficient compliance
Prioritised investment route map based on business and IT considerations in support of defined architecture
Current state | POPI vision and strategy | People education | Process compliance | Technology capability

PROCESS DIAGRAM
Our transformational approach focusing on enablement of people, process and technology.
– Current state
– POPI vision and strategy
– People education
– Process compliance
– Technology capability
– Status of Enablement
– Business and compliance risks
– Business and risk considerations
– Costs and time considerations
– Business architecture
– Information systems architecture
– Technology architecture
– People enablement

STRATEGY
– POPI Strategy and Implementation Roadmap
– Business case development

TRAINING AND EDUCATION
– POPI Act and Implications customised for implemented solutions

CHANGE & COMMUNICATION
– Strategy & Planning
– Development & execution of awareness campaigns

DATA
– Data Audits, Security & Management

PROCESS & CONTENT
– Process Solution Design & Automation
– Records Management assessment, design & enablement
– Security policy enablement
– Content archival solutions
– Content Governance
– Document destruction services

LAWS AFFECTED BY POPI

ANY QUESTIONS? THANK YOU FOR TAKING THE TIME TO EDUCATE YOURSELF ON POPI!
