Much has been publicised and discussed about the introduction of the Protection of Personal Information Act (POPI), which was signed into law by the President and Gazetted on 26 November 2013. Companies in South Africa have one year from this date to comply or face potentially significant consequences. If not already in place, businesses and organisations should quickly implement sufficient structures, systems and processes so that they are able to comply when POPI comes into full effect in late November 2014. In order to do so effectively Human Resources, communication and marketing, and of course IT professionals, will need to work together to ensure that employee information is stored, shared, and transmitted in accordance with the sections of POPI.
Knowledge Resources internalcomms2014-communication implication for the application of popi
1. Internal Communication Seminar
THE IMPLICATION FOR THE APPLICATION OF
PROTECTION OF PERSONAL INFORMATION (POPI)
>>>>>> REPUTATION AND CRISIS
All copyrights reserved
MANAGENT
IN THE AGE OF
Nicola Columbine
Communication Strategist
specialist in employee and organisational communication with grounding in
OD and change, Meta NLP coaching, mentoring, and facilitation.
2. WHAT IS PoPI ?
• PoPI to ensure all South African institutions undertake responsible conduct
when collecting, processing, storing and sharing another entity's
personal information
WHY IS CHANGE MANAGEMENT
• To hold South African institutions accountable should they abuse or
SO CRITICAL FOR
compromise personal information in any way
• Bestows upon individuals rights of protection and ability to exercise control
ORGANISATIONS TODAY?
when and how individuals choose to share personal information
• Type and extent of information shared
• Transparency and accountability on how personal data will be used
• access to personal information and right to have data removed and/or
destroyed
• How and where your information is stored
• Adequate measures and controls to safeguard personal information
• Integrity and continued accuracy of your information
• Information captured correctly and institution is responsible to maintain it
3. WHY THE NEED FOR PoPI?
• Moral principles and values that govern behaviour - right or wrong and good
or bad in actions that affect others
• Increase in corruption, bribery and collusion lead to greater need for ethics
WHY IS CHANGE MANAGEMENT
codes and conduct in SA
SO CRITICAL FOR
• King III and Companies Act moved some way to instill culture of compliance
• Yet, South Africans remain largely negligent…even delinquent
ORGANISATIONS TODAY?
Source:Transparency International
Global Corruption Barometer for 2013
SAMPLE GROUP:
More than 1000 urban South Africans
4. IMPLICATIONS OF PoPI
• Information Regulator to be appointed (enforce PAIA, PPI, PoPI)
• Companies to appoint Information Officers and Deputy Officers
• Audit processes to collect, record, store, disseminate and destroy personal
WHY IS CHANGE MANAGEMENT
SO CRITICAL FOR
ORGANISATIONS TODAY?
information
• Define purpose of information gathering and processing
• Limit processing parameters
• Take steps to notify data subject and check rationale
• Ensure information quality
• Notify information Protection Regulator
• Data subject requests
• Retain records for required period
• Cross border transfer
5. EMPLOYEE RIGHTS IN RELATION TO POPI
• Employees to be made sufficiently reasonably aware of what personal
information to be obtained
• Employees to give employers consent to process, store and disseminate
WHY IS CHANGE MANAGEMENT
SO CRITICAL FOR
personal information
• Employees may withdraw consent at any time
• Employees have right to protection of integrity and confidentiality of personal
ORGANISATIONS TODAY?
information
• Employees have right to lodge complaints with Information Officer
• Employees to know how to manage their personal information across
various channels of communication
• communication to not only create awareness
• engagement and empowerment to instil ownership for behaviour in
employees handling private information
• Employees have right of complaint and recourse
6. ROLE OF HUMAN RESOURCES - IMPORTANT
• Risk and Compliance to lead compliance of PoPI
• HR to work with Operations, IT, Risk & Audit, Communication, Marketing
• Requires advisory and support from legal to develop/amend policy
• HR professionals still responsible for managing how employee data is
WHY IS CHANGE MANAGEMENT
SO CRITICAL FOR
collected, processed, stored and shared
• Employer may process personal information: if sufficient reason > must
ORGANISATIONS TODAY?
explicitly state intention, and employee gives full consent
• Employer must ensure quality of information processed
• Employers bear responsibility to prove employees have provided consent
• Every aspect requiring personal information from potential and existing
employees, obtained by consent
• Change management and OD – a holistic integrated approach required
• Training and knowledge management
• Reporting
7. ROLE OF COMMUNICATION, MARKETING, PR
• Integrated information and communication strategy and implementation =
appropriate organisational management and support
• Develop communication policies, processes and practices –
• Aligned messaging and content to enable awareness, understanding and
WHY IS CHANGE MANAGEMENT
SO CRITICAL FOR
ORGANISATIONS TODAY?
behaviour
• Consent information across every area of organisation and stakeholder
interaction involves reference to personal information
• Knowledge management
• Training and change management
• Marketing – GSM, digital and social media management
• Reputation management - corporate and employee behaviour risk of
exposure in stakeholder environments = customer complaints, mainstream,
digital and social media = ORM
• Procurement, sales and customer service
• Annual reports and integrated reporting
The presentation provides an overview on the relevance South African privacy information legislation in the context of ethics, the and application of POPI, and the implication for organisations in respect of its requirements to data and stakeholder management from an ethics and compliance perspective.
4. It will talk to the role that technology needs to play and the implications for digital communication in that context