The Protection of Personal Information Act 2013 
Personal Information is your business 
25.09.14 
KOMESHNI PATRICK 
TECHNOLOGY LAWYER/DIRECTOR/ENDCODE.ORG
Contents
• Definitions
• Aims
• Exemptions
• Key Role Players for POPI
• 8 Conditions of POPI
• POPI and Consent
• POPI and Notification
• Giving PI Away
• POPI for Business
• PI & Cybercrime
What is Personal Information (PI)?
• Section 1
• Identifiable, living, natural person or identifiable, existing juristic person
  • Race, sex, gender, name, sexual orientation, age, mental health
  • Medical, financial, criminal or employment history
  • E-mail address, physical address, telephone number, location information, online identifier
  • Biometric information
  • Personal opinions, views or preferences
  • Private correspondence
  • Opinions of another individual about the person
  • Name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person
What is Special Personal Information?
• Section 1
  • The religious or philosophical beliefs
  • Race or ethnic origin
  • Trade union membership
  • Political persuasion
  • Health or sex life or biometric information of the person
  • The criminal behaviour of the person to the extent that such information relates to—
    • The alleged commission by the person of any offence
    • Any proceedings in respect of any offence allegedly committed by the person or the disposal of such proceedings
What is Processing?
• Sections 1 and 4 of POPI
• Processing means any activity whether by automatic means or not, concerning personal information, including
  • The collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
  • Dissemination by means of transmission, distribution or making available in any other form; or
  • Merging, linking, as well as restriction, degradation, erasure or destruction of information;
• Processing must be for a defined and legitimate purpose that is clear to the DS from whom you are collecting the PI
The Protection of Personal Information Act 4 of 2013 (POPI)
Aims:
• Protection of PI processed by private and public bodies
• Minimum requirements for processing of PI
• Establishment of Information Regulator
• Codes of Conduct
• Rights protection against SPAM and automated decision-making
• Regulate cross-border flow
Exemptions from POPI
Personal & Household
• Personal address book
• Personal Computer
De-identified & cannot be re-identified
• Anonymous Surveys
• Course Evaluation
Public Bodies involved in national security
• Prevention and detection of unlawful activities
• Terrorism, money laundering, offenses
Judicial Function of a Court
• Section 166 of the Constitution
Terrorism
• Terrorist & Related Activities Act 33 of 2004
Journalistic, literary, artistic
• Freedom of Expression (S16 Constitution)
• Codes of Ethics govern PI infringements
Key Role Players for POPI
• Data Subject: The person to whom PI relates
• Responsible Party: Public or private body or any other person which determines the purpose of and means for processing PI
• Operator: Person who processes PI for a RP in terms of a contract or mandate, without coming under the direct authority of that party
• Competent Person: Any person legally competent to consent to any action or decision being taken in respect of any matter concerning a child
• Information Regulator: A juristic person established in terms of the Act accountable to the National Assembly and appointed by the Minister of Justice
8 Conditions of POPI
Accountability
• RP to ensure conditions for lawful processing
Processing Limitation
• Minimality – adequate, relevant and not excessive
• Consent, Justification, Objection
• Collection directly from Data Subject
Purpose Specification
• Specific, explicitly defined and lawful purpose
• Records of PI must not be retained longer than is necessary for achieving the purpose
• Exemption: record required by law, historical, statistical or for research
• Destroy/delete/de-identify a record of PI once purpose achieved
Further Processing Limitation
• To be compatible with original purpose of collection; if not, consent for further processing is required
8 Conditions of POPI
Information Quality
• RP must take steps to ensure PI is complete, accurate and not misleading
Openness
• Records of the processing cycle for operations must be maintained and made available to the DS
• Obligation on RP to notify the DS upon collection of PI
Security Safeguards
• Integrity and confidentiality of PI must be maintained to prevent loss, damage, unauthorised destruction, unlawful access or processing
• Operator must notify RP if there are reasonable grounds to believe that the PI was accessed by an unauthorised person and the RP has to notify the Regulator and the DS
Data Subject Participation
• Right to be informed: DS can request free of charge whether PI is held
• Where DS requests copy of the record, the RP can charge a fee
• DS can request correction or deletion of PI that is inaccurate, irrelevant, out of date, excessive, incomplete, misleading or unlawfully obtained
POPI and Consent
General Consent (Section 11)
• Consent from DS for processing PI
• Consent can be withdrawn at any time.
• Where the DS is a child, consent is needed from Competent Person
Retention of (Section 14(1)(d))
• For records to be retained longer than is needed achieving the purpose of the data processing, must consent.
POPI and Consent
Restriction on processing (Section 14(7))
• The RP must restrict processing of information if:
  • The accuracy is contested by DS and RP has to the PI
  • Purpose is achieved but retain PI for proof
  • The processing is unlawful and the DS requests restriction rather than destruction
  • The DS requests PI be transmitted to another automated system
• May only be processed:
  • With DS consent or Competent Person’s consent
  • For purposes of proof
  • To protect a right of another natural or legal
  • For public interest
POPI and Consent
Further Processing (Section 15(3)(a))
• Further processing of information that is with the original purpose of collection can only the DS consents.
Notification of Collection (Section 18(4)(a))
• The DS can consent to not being notified when information is collected.
POPI and Consent
Special Personal Information (Section 27)
• The DS must consent to the processing of personal information.
Religious Beliefs (Section 28(3))
• Information regarding religious or philosophical can be processed only by religious or spiritual institutions to which the DS belongs without
• Consent from the DS is needed when this data supplied to third parties.
POPI and Consent
Trade Union Membership (Section 30(2))
• Information regarding trade union membership processed only by the trade union or its body to which the DS belongs.
• Consent from the DS is needed when this data supplied to third parties.
Political Persuasion (Section 31(2))
• Information regarding political persuasion can processed only by institutions founded on principles to which the DS belongs without
• Consent from the DS is needed when this data is supplied to third parties.
POPI and Consent
Information Children (Section 34)
• Processing PI regarding children can only occur the consent from a person who has legal to make decisions regarding that child.
Direct Marketing (Section 69)
• Processing for direct marketing is prohibited DS gives consent.
• To request consent, the RP may approach the consent only once and only if the DS has not previously withheld consent.
POPI and Consent
Foreign Country Transfer (Section 72(1))
• RP may not transfer PI to a third party in a country unless the DS has consented or the benefits the DS and it is impractical to obtain and the DS would likely give consent. Foreign should have similar processing protection as
Minister’s Powers (Section 112(2)(f))
• The Minister has the power to create regulations regarding the manner and form within which the consent must be obtained or requested for direct marketing.
POPI and Notification
Notification to DS when collecting PI (Section 18)
• Notification to DS when collecting personal
Security measures regarding processed by (Section 21)
• The Operator must notify the RP immediately there are reasonable grounds to believe that the personal information of a DS has been accessed acquired by any unauthorised person
POPI and Notification
Notification of Compromises (Section 22)
• Where there are reasonable grounds to believe personal information of a DS has been accessed acquired by any unauthorised person, the RP notify the Regulator and the DS
Correction of personal (Section 24)
• The RP must notify a DS, who has made a correction or deletion of record of the action result of such request
POPI and Notification
Responsible party to notify Regulator if processing is subject to authorisation (Section 58)
• RP must notify and obtain prior authorization Regulator for processing for the following:
  • for a purpose other than the original purpose intended at collection
  • with the aim of linking the information information processed by other responsible
  • process information on criminal behaviour
  • process information for the purposes of credit reporting or
  • transfer special PI or the PI of children to a party in a foreign country that does not adequate level of protection.
Giving Your PI Away
Shopping online
Subscribing or registering
Competitions, prizes, rewards
Online games and virtual worlds
Social Media
Online Browsing
Employment
Name Surname
email address
telephone number
postal address
city
Education
credit card number
ID number
physical address
POPI for Business
Personal Information is your Business
Financial, Education, Transport, Gaming, Social Media, Advertising, Music, Telecoms, Credit, Sports, Mapping, Insurance, IT, Banking, Medical
POPI for Business
1. POPI Strategy
2. Appoint an Information Officer
3. Privacy Policy
4. Consider who the Data Subjects are; limit the collection type and amount to the purpose
3. Third party Transfer
4. Cross-border transfer
5. Direct Marketing Practices
6. Special Personal Information
7. Children’s Personal Information
8. Directories
POPI for Business
Creating Business Process
• Obtain consent DS to use PI for the specified purpose
• Network Security – integrity and safekeeping
• Limit access per business role
• Ensure that there are back-up and business continuity plans
• Access Security at all points
• Access to Information Procedure (correction, objections to processing, copy of records, third parties who access their PI)
• Procedures for updating details to ensure and completeness
• Ensure Records retention management (deletion or de-identification)
• Incident Management Process
POPI for Business 
Well managed brand 
Strengthens the brand 
Conveys that the business understands its legal obligations to the client 
Builds trust in the brand
POPI for Business 
Privacy infringement 
Loss of Intellectual Property 
Defamation 
Loss of sensitive information 
Security compromise - issues of national security 
Financial loss 
POTENTIAL FOR LITIGATION 
Brand Damage
PI and Cyber Crime 
Cybercrime 
PI
PI & Cybercrime 
Lloyd’s 2013 Risk Index Report 
Cyber security has moved from 12th position to 3rd position as a 
global concern to business. 
The 2013 Norton Report 
South Africa has the third highest number of cybercrime victims 
following Russia and China. 
PwC’s Global State of Information Security Survey 2014 
reported a rise of 25% in security incidents with a 51% rise in 
spend on security. Overall, this makes up only 4% of the IT spend.
PI & Cybercrime 
South Africa’s National Cyber Security Policy Framework was 
passed in March 2012 
18 months later 
Department of Communications appointed the National Cyber 
Security Advisor in October 2013 
Goal 
co-ordinate government actions on cyber security and ensure co-operation 
between government, the private sector and civil society 
on addressing cyber threats
PI & Cybercrime 
The Electronic Communications and Transactions Act 2002 
9 years later 
No cyber inspectors to enforce cyber security 
Wolfpack Information Risk’s report – The South African Cyber 
Threat Barometer 2012/13 
no national computer security incident response team 
no national response team to co-ordinate a cyber defence strategy 
Annual losses in 3 sectors = R2.65 billion
PI & Cybercrime 
India 
Sponsored training for 500 000 “cyber warriors” 
South Korea 
5000 cyber specialists are developed annually 
United Kingdom 
11 centres established for cyber skills development allied to the 
universities 
South Africa 
?
Thanks, Questions? 
Komeshni Patrick 
Komeshni.patrick@endcode.org 
www.endcode.org

More Related Content

What's hot

GDPR: Training Materials by Qualsys
GDPR: Training Materials  by QualsysGDPR: Training Materials  by Qualsys
GDPR: Training Materials by QualsysQualsys Ltd
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationVicky Dallas
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
 
Personal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacyPersonal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacylegalPadmin
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protectionsp_krishna
 
Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Russell_Kennedy
 
Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)Acquia
 
GDPR Presentation slides
GDPR Presentation slidesGDPR Presentation slides
GDPR Presentation slidesNaomi Holmes
 
Privacy in India: Legal issues
Privacy in India: Legal issuesPrivacy in India: Legal issues
Privacy in India: Legal issuesSagar Rahurkar
 
Data protection act
Data protection act Data protection act
Data protection act Iqbal Bocus
 
GDPR Introduction and overview
GDPR Introduction and overviewGDPR Introduction and overview
GDPR Introduction and overviewJane Lambert
 
Data Privacy in India and data theft
Data Privacy in India and data theftData Privacy in India and data theft
Data Privacy in India and data theftAmber Gupta
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_indiaAltacit Global
 

What's hot (20)

GDPR: Training Materials by Qualsys
GDPR: Training Materials  by QualsysGDPR: Training Materials  by Qualsys
GDPR: Training Materials by Qualsys
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection Regulation
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...
 
Personal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacyPersonal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data Privacy
 
GDPR Demystified
GDPR DemystifiedGDPR Demystified
GDPR Demystified
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 
Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)
 
Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
 
GDPR Presentation slides
GDPR Presentation slidesGDPR Presentation slides
GDPR Presentation slides
 
Popi act presentation
Popi act presentationPopi act presentation
Popi act presentation
 
Privacy in India: Legal issues
Privacy in India: Legal issuesPrivacy in India: Legal issues
Privacy in India: Legal issues
 
Data protection act
Data protection act Data protection act
Data protection act
 
GDPR Introduction and overview
GDPR Introduction and overviewGDPR Introduction and overview
GDPR Introduction and overview
 
Data Privacy in India and data theft
Data Privacy in India and data theftData Privacy in India and data theft
Data Privacy in India and data theft
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
 
Habeas data
Habeas dataHabeas data
Habeas data
 
GDPR Presentation
GDPR PresentationGDPR Presentation
GDPR Presentation
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_india
 

Viewers also liked

POPI and Email Marketing
POPI and Email Marketing POPI and Email Marketing
POPI and Email Marketing Everlytic
 
Ovations Group - Introducing the Protection of Personal Information (PoPI) ac...
Ovations Group - Introducing the Protection of Personal Information (PoPI) ac...Ovations Group - Introducing the Protection of Personal Information (PoPI) ac...
Ovations Group - Introducing the Protection of Personal Information (PoPI) ac...OvationsGroup
 
Human rights in Bangladesh
Human rights in BangladeshHuman rights in Bangladesh
Human rights in BangladeshSyed Shihab
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityJisc Scotland
 
Premier Health Brochure
Premier Health BrochurePremier Health Brochure
Premier Health BrochurePremierHealth
 
October fair trade month
October fair trade monthOctober fair trade month
October fair trade monthPattye255
 
2015 09-10 Health Valley meets Topsector LSH Alain van Gool
2015 09-10 Health Valley meets Topsector LSH Alain van Gool2015 09-10 Health Valley meets Topsector LSH Alain van Gool
2015 09-10 Health Valley meets Topsector LSH Alain van GoolAlain van Gool
 
Software project management interview questions and answers
Software project management interview questions and answersSoftware project management interview questions and answers
Software project management interview questions and answerssimonthomas990
 
Presentation of scenes of The Descent
Presentation of scenes of The DescentPresentation of scenes of The Descent
Presentation of scenes of The Descentalexjr1996
 
Edited pictures presentation
Edited pictures presentationEdited pictures presentation
Edited pictures presentationalexjr1996
 
Bijlage 2-shell-ffs-reactor
Bijlage 2-shell-ffs-reactorBijlage 2-shell-ffs-reactor
Bijlage 2-shell-ffs-reactorpouya_ms
 
Manual SEO IDS Soluciones eCommerce
Manual SEO IDS Soluciones eCommerceManual SEO IDS Soluciones eCommerce
Manual SEO IDS Soluciones eCommerceDario Schilman
 

Viewers also liked (20)

POPI
POPI POPI
POPI
 
POPI and Email Marketing
POPI and Email Marketing POPI and Email Marketing
POPI and Email Marketing
 
Ovations Group - Introducing the Protection of Personal Information (PoPI) ac...
Ovations Group - Introducing the Protection of Personal Information (PoPI) ac...Ovations Group - Introducing the Protection of Personal Information (PoPI) ac...
Ovations Group - Introducing the Protection of Personal Information (PoPI) ac...
 
Opportunities and benefits of POPI
Opportunities and benefits of POPIOpportunities and benefits of POPI
Opportunities and benefits of POPI
 
Human rights in Bangladesh
Human rights in BangladeshHuman rights in Bangladesh
Human rights in Bangladesh
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information Security
 
Premier Health Brochure
Premier Health BrochurePremier Health Brochure
Premier Health Brochure
 
October fair trade month
October fair trade monthOctober fair trade month
October fair trade month
 
Sviesuva bredikis
Sviesuva bredikisSviesuva bredikis
Sviesuva bredikis
 
Narracion
NarracionNarracion
Narracion
 
The magic to think big
The magic to think bigThe magic to think big
The magic to think big
 
2015 09-10 Health Valley meets Topsector LSH Alain van Gool
2015 09-10 Health Valley meets Topsector LSH Alain van Gool2015 09-10 Health Valley meets Topsector LSH Alain van Gool
2015 09-10 Health Valley meets Topsector LSH Alain van Gool
 
Software project management interview questions and answers
Software project management interview questions and answersSoftware project management interview questions and answers
Software project management interview questions and answers
 
Presentation of scenes of The Descent
Presentation of scenes of The DescentPresentation of scenes of The Descent
Presentation of scenes of The Descent
 
Edited pictures presentation
Edited pictures presentationEdited pictures presentation
Edited pictures presentation
 
Patient confidentiality training
Patient confidentiality trainingPatient confidentiality training
Patient confidentiality training
 
Los nombres de villayon
Los nombres de villayonLos nombres de villayon
Los nombres de villayon
 
Kaunas bm šviesuva 2014 11 03
Kaunas   bm šviesuva 2014 11 03Kaunas   bm šviesuva 2014 11 03
Kaunas bm šviesuva 2014 11 03
 
Bijlage 2-shell-ffs-reactor
Bijlage 2-shell-ffs-reactorBijlage 2-shell-ffs-reactor
Bijlage 2-shell-ffs-reactor
 
Manual SEO IDS Soluciones eCommerce
Manual SEO IDS Soluciones eCommerceManual SEO IDS Soluciones eCommerce
Manual SEO IDS Soluciones eCommerce
 

Similar to The Protection of Personal Information Act: A Presentation

GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsHarrison Clark Rickerbys
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...Harrison Clark Rickerbys
 
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...Harrison Clark Rickerbys
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsHarrison Clark Rickerbys
 
Freedom of Information and Data Protection
Freedom of Information and Data ProtectionFreedom of Information and Data Protection
Freedom of Information and Data ProtectionEquiGov Institute
 
Introduction to the Freedom of Information and Data Protection Act Trinidad a...
Introduction to the Freedom of Information and Data Protection Act Trinidad a...Introduction to the Freedom of Information and Data Protection Act Trinidad a...
Introduction to the Freedom of Information and Data Protection Act Trinidad a...EquiGov Institute
 
Public sector breakfast club - October 2017, Exeter
Public sector breakfast club - October 2017, ExeterPublic sector breakfast club - October 2017, Exeter
Public sector breakfast club - October 2017, ExeterBrowne Jacobson LLP
 
GDPR is Coming, Five Things You Can Do Now To Prepare
GDPR is Coming, Five Things You Can Do Now To PrepareGDPR is Coming, Five Things You Can Do Now To Prepare
GDPR is Coming, Five Things You Can Do Now To PrepareWinston & Strawn LLP
 
Protection of Personal Information
Protection of Personal InformationProtection of Personal Information
Protection of Personal InformationFrancois Naude Jr.
 
Protection of Personal Information
Protection of Personal InformationProtection of Personal Information
Protection of Personal InformationFrancois Naude Jr.
 
Education law conference, March 2017 - Nottingham - Understanding & dischargi...
Education law conference, March 2017 - Nottingham - Understanding & dischargi...Education law conference, March 2017 - Nottingham - Understanding & dischargi...
Education law conference, March 2017 - Nottingham - Understanding & dischargi...Browne Jacobson LLP
 
What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...CharityComms
 
Education law conference, March 2017 - Manchester - Understanding and dischar...
Education law conference, March 2017 - Manchester - Understanding and dischar...Education law conference, March 2017 - Manchester - Understanding and dischar...
Education law conference, March 2017 - Manchester - Understanding and dischar...Browne Jacobson LLP
 
Education law conference, March 2017 - London - Understanding and discharging...
Education law conference, March 2017 - London - Understanding and discharging...Education law conference, March 2017 - London - Understanding and discharging...
Education law conference, March 2017 - London - Understanding and discharging...Browne Jacobson LLP
 
Lorson Resources Limited - Records & Information Presentation: Data Protectio...
Lorson Resources Limited - Records & Information Presentation: Data Protectio...Lorson Resources Limited - Records & Information Presentation: Data Protectio...
Lorson Resources Limited - Records & Information Presentation: Data Protectio...Lorson Resources Limited
 

Similar to The Protection of Personal Information Act: A Presentation (20)

GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
 
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
 
Freedom of Information and Data Protection
Freedom of Information and Data ProtectionFreedom of Information and Data Protection
Freedom of Information and Data Protection
 
Introduction to the Freedom of Information and Data Protection Act Trinidad a...
Introduction to the Freedom of Information and Data Protection Act Trinidad a...Introduction to the Freedom of Information and Data Protection Act Trinidad a...
Introduction to the Freedom of Information and Data Protection Act Trinidad a...
 
Data privacy act of 2012 presentation
Data privacy act of 2012 presentationData privacy act of 2012 presentation
Data privacy act of 2012 presentation
 
Public sector breakfast club - October 2017, Exeter
Public sector breakfast club - October 2017, ExeterPublic sector breakfast club - October 2017, Exeter
Public sector breakfast club - October 2017, Exeter
 
GDPR is Coming, Five Things You Can Do Now To Prepare
GDPR is Coming, Five Things You Can Do Now To PrepareGDPR is Coming, Five Things You Can Do Now To Prepare
GDPR is Coming, Five Things You Can Do Now To Prepare
 
Protection of Personal Information
Protection of Personal InformationProtection of Personal Information
Protection of Personal Information
 
Protection of Personal Information
Protection of Personal InformationProtection of Personal Information
Protection of Personal Information
 
Education law conference, March 2017 - Nottingham - Understanding & dischargi...
Education law conference, March 2017 - Nottingham - Understanding & dischargi...Education law conference, March 2017 - Nottingham - Understanding & dischargi...
Education law conference, March 2017 - Nottingham - Understanding & dischargi...
 
POPI_Overview_E
POPI_Overview_EPOPI_Overview_E
POPI_Overview_E
 
POPI_Overview_E
POPI_Overview_EPOPI_Overview_E
POPI_Overview_E
 
What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
 
China-PIPL.pdf
China-PIPL.pdfChina-PIPL.pdf
China-PIPL.pdf
 
Education law conference, March 2017 - Manchester - Understanding and dischar...
Education law conference, March 2017 - Manchester - Understanding and dischar...Education law conference, March 2017 - Manchester - Understanding and dischar...
Education law conference, March 2017 - Manchester - Understanding and dischar...
 
Education law conference, March 2017 - London - Understanding and discharging...
Education law conference, March 2017 - London - Understanding and discharging...Education law conference, March 2017 - London - Understanding and discharging...
Education law conference, March 2017 - London - Understanding and discharging...
 
Lorson Resources Limited - Records & Information Presentation: Data Protectio...
Lorson Resources Limited - Records & Information Presentation: Data Protectio...Lorson Resources Limited - Records & Information Presentation: Data Protectio...
Lorson Resources Limited - Records & Information Presentation: Data Protectio...
 

The Protection of Personal Information Act: A Presentation

  • 1. The Protection of Personal Information Act 2013 Personal Information is your business 25.09.14 KOMESHNI PATRICK TECHNOLOGY LAWYER/DIRECTOR/ENDCODE.ORG
  • 2. Contents
      • Definitions
      • Aims
      • Exemptions
      • Key Role Players for POPI
      • 8 Conditions of POPI
      • POPI and Consent
      • POPI and Notification
      • Giving PI Away
      • POPI for Business
      • PI & Cybercrime
  • 3. What is Personal Information (PI)?
      • Section 1
      • Identifiable, living, natural person or identifiable, existing juristic person
      • Race, sex, gender, name, sexual orientation, age, mental health
      • Medical, financial, criminal or employment history
      • E-mail address, physical address, telephone number, location information, online identifier
      • Biometric information
      • Personal opinions, views or preferences
      • Private correspondence
      • Opinions of another individual about the person
      • Name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person
  • 4. What is Special Personal Information?
      • Section 1
      • The religious or philosophical beliefs
      • Race or ethnic origin
      • Trade union membership
      • Political persuasion
      • Health or sex life or biometric information of the person
      • The criminal behaviour of the person to the extent that such information relates to:
          • The alleged commission by the person of any offence
          • Any proceedings in respect of any offence allegedly committed by the person or the disposal of such proceedings
  • 5. What is Processing?
      • Sections 1 and 4 of POPI
      • Processing means any activity whether by automatic means or not, concerning personal information, including:
          • The collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
          • Dissemination by means of transmission, distribution or making available in any other form; or
          • Merging, linking, as well as restriction, degradation, erasure or destruction of information;
      • Processing must be for a defined and legitimate purpose that is clear to the DS from whom you are collecting the PI
  • 6. The Protection of Personal Information Act 4 of 2013 (POPI) Aims:
      • Protection of PI processed by private and public bodies
      • Minimum requirements for processing of PI
      • Establishment of Information Regulator
      • Codes of Conduct
      • Rights protection against SPAM and automated decision-making
      • Regulate cross-border flow
  • 7. Exemptions from POPI
      • Personal & Household
          • Personal address book
          • Personal Computer
      • De-identified & cannot be re-identified
          • Anonymous Surveys
          • Course Evaluation
      • Public Bodies involved in national security
          • Prevention and detection of unlawful activities
          • Terrorism, money laundering, offenses
      • Judicial Function of a Court
          • Section 166 of the Constitution
      • Terrorism
          • Terrorist & Related Activities Act 33 of 2004
      • Journalistic, literary, artistic
          • Freedom of Expression (S16 Constitution)
          • Codes of Ethics govern PI infringements
  • 8. Key Role Players for POPI
      • Data Subject: The person to whom PI relates
      • Responsible Party: Public or private body or any other person which determines the purpose of and means for processing PI
      • Operator: Person who processes PI for a RP in terms of a contract or mandate, without coming under the direct authority of that party
      • Competent Person: Any person legally competent to consent to any action or decision being taken in respect of any matter concerning a child
      • Information Regulator: A juristic person established in terms of the Act accountable to the National Assembly and appointed by the Minister of Justice
  • 9. 8 Conditions of POPI
      • Accountability
          • RP to ensure conditions for lawful processing
      • Processing Limitation
          • Minimality – adequate, relevant and not excessive
          • Consent, Justification, Objection
          • Collection directly from Data Subject
      • Purpose Specification
          • Specific, explicitly defined and lawful purpose
          • Records of PI must not be retained longer than is necessary for achieving the purpose
          • Exemption: record required by law, historical, statistical or for research
          • Destroy/delete/de-identify a record of PI once purpose achieved
      • Further Processing Limitation
          • To be compatible with original purpose of collection; if not, consent for further processing is required
  • 10. 8 Conditions of POPI
      • Information Quality
          • RP must take steps to ensure PI is complete, accurate and not misleading
      • Openness
          • Records of the processing cycle for operations must be maintained and made available to the DS
          • Obligation on RP to notify the DS upon collection of PI
      • Security Safeguards
          • Integrity and confidentiality of PI must be maintained to prevent loss, damage, unauthorised destruction, unlawful access or processing
          • Operator must notify RP if there are reasonable grounds to believe that the PI was accessed by an unauthorised person and the RP has to notify the Regulator and the DS
      • Data Subject Participation
          • Right to be informed: DS can request, free of charge, whether PI is held
          • Where DS requests copy of the record, the RP can charge a fee
          • DS can request correction or deletion of PI that is inaccurate, irrelevant, out of date, excessive, incomplete, misleading or unlawfully obtained
  • 11. POPI and Consent •Consent from DS for processing PI •Consent can be withdrawn at any time. •Where the DS is a child, consent is needed from Competent Person General Consent Section 11 • For records to be retained longer than is needed achieving the purpose of the data processing, must consent. Retention of Section 14(1)(d)
  • 12. POPI and Consent •The RP must restrict processing of information if: •The accuracy is contested by DS and RP has to the PI •Purpose is achieved but retain PI for proof •The processing is unlawful and the DS requests restriction rather than destruction •The DS requests PI be transmitted to another automated system Restriction on processing Section 14(7) •May only be processed: • With DC consent or Competent Person’s consent • For purposes of proof •To protect a right of another natural or legal • For public interest
  • 13. POPI and Consent • Further processing of information that is with the original purpose of collection can only Further Processing the DS consents. Section 15(3)(a) •The DS can consent to not being notified when information is collected. Notification of Collection Section18(4)(a)
  • 14. POPI and Consent •The DS must consent to the processing of Special Personal personal information. Information Section 27 • Information regarding religious or philosophical can be processed only by religious or spiritual institutions to which the DS belongs without • Consent from the DS is needed when this data supplied to third parties. Religious Beliefs Section 28(3)
  • 15. POPI and Consent • Information regarding trade union membership processed only by the trade union or its body to which the DS belongs. • Consent from the DS is needed when this data supplied to third parties. Trade Union Membership Section 30(2) • Information regarding political persuasion can processed only by institutions founded on principles to which the DS belongs without •Consent from the DS is needed when this data is supplied to third parties. Political Persuasion Section 31(2)
  • 16. POPI and Consent • Processing PI regarding children can only occur the consent from a person who has legal Information to make decisions regarding that child. Children Section 34 • Processing for direct marketing is prohibited DS gives consent. •To request consent, the RP may approach the consent only once and only if the DS has not previously withheld consent. Direct Marketing Section 69
  • 17. POPI and Consent • RP may not transfer PI to a third party in a country unless the DS has consented or the benefits the DS and it is impractical to obtain and the DS would likely give consent. Foreign should have similar processing protection as Foreign Country Transfer Section 72(1) •The Minister has the power to create regulations regarding the manner and form within which the consent must be obtained or requested for direct marketing. Minister’s Powers Section 112(2)(f)
  • 18. POPI and Notification •Notification to DS when collecting personal Notification to DS when collecting PI Section 18 •The Operator must notify the RP immediately there are reasonable grounds to believe that the personal information of a DS has been accessed acquired by any unauthorised person Security measures regarding processed by Section 21
  • 19. POPI and Notification •Where there are reasonable grounds to believe personal information of a DS has been accessed acquired by any unauthorised person, the RP notify the Regulator and the DS Notification of Compromises Section 22 •The RP must notify a DS, who has made a correction or deletion of record of the action result of such request Correction of personal Section 24
  • 20. POPI and Notification • RP must notify and obtain prior authorization Regulator for processing for the following: • for a purpose other than the original purpose intended at collection •with the aim of linking the information information processed by other responsible • process information on criminal behaviour •process information for the purposes of credit reporting or • transfer special PI or the PI of children to a party in a foreign country that does not adequate level of protection. Responsible party to notify Regulator if processing is subject to authorisation Section 58
  • 21. Giving Your PI Away
      • Shopping online
      • Subscribing or registering
      • Competitions, prizes, rewards
      • Online games and virtual worlds
      • Social Media
      • Online Browsing
      • Employment
      • Name
      • Surname
      • email address
      • telephone number
      • postal address
      • city
      • Education
      • credit card number
      • ID number
      • physical address
  • 22. POPI for Business
      • Personal Information is your Business
      • Financial, Education, Transport, Gaming, Social Media, Advertising, Music, Telecoms, Credit, Sports, Mapping, Insurance, IT, Banking, Medical
  • 23. POPI for Business
      • 1. POPI Strategy
      • 2. Appoint an Information Officer
      • 3. Privacy Policy
      • 4. Consider who the Data Subjects are
          • Limit the collection type and amount to the purpose
      • 3. Third party Transfer
      • 4. Cross-border transfer
      • 5. Direct Marketing Practices
      • 6. Special Personal Information
      • 7. Children’s Personal Information
      • 8. Directories
  • 24. POPI for Business
      • Creating Business Process
          • Obtain consent DS to use PI for the specified purpose
          • Network Security – integrity and safekeeping
          • Limit access per business role
          • Ensure that there are back-up and business continuity plans
          • Access Security at all points
          • Access to Information Procedure (correction, objections to processing, copy of records, third parties who access their PI)
          • Procedures for updating details to ensure and completeness
          • Ensure Records retention management (deletion or de-identification)
          • Incident Management Process
  • 25. POPI for Business
      • Well managed brand
      • Strengthens the brand
      • Conveys that the business understands its legal obligations to the client
      • Builds trust in the brand
  • 26. POPI for Business
      • Privacy infringement
      • Loss of Intellectual Property
      • Defamation
      • Loss of sensitive information
      • Security compromise - issues of national security
      • Financial loss
      • POTENTIAL FOR LITIGATION
      • Brand Damage
  • 27. PI and Cyber Crime Cybercrime PI
  • 28. PI & Cybercrime
      • Lloyd’s 2013 Risk Index Report: Cyber security has moved from 12th position to 3rd position as a global concern to business.
      • The 2013 Norton Report: South Africa has the third highest number of cybercrime victims following Russia and China.
      • PwC’s Global State of Information Security Survey 2014 reported a rise of 25% in security incidents with a 51% rise in spend on security. Overall, this makes up only 4% of the IT spend.
  • 29. PI & Cybercrime
      • South Africa’s National Cyber Security Policy Framework was passed in March 2012
      • 18 months later: Department of Communications appointed the National Cyber Security Advisor in October 2013
      • Goal: co-ordinate government actions on cyber security and ensure co-operation between government, the private sector and civil society on addressing cyber threats
  • 30. PI & Cybercrime
      • The Electronic Communications and Transactions Act 2002
      • 9 years later: No cyber inspectors to enforce cyber security
      • Wolfpack Information Risk’s report – The South African Cyber Threat Barometer 2012/13
          • No national computer security incident response team
          • No national response team to co-ordinate a cyber defence strategy
          • Annual losses in 3 sectors = R2.65 billion
  • 31. PI & Cybercrime
      • India: Sponsored training for 500 000 “cyber warriors”
      • South Korea: 5000 cyber specialists are developed annually
      • United Kingdom: 11 centres established for cyber skills development allied to the universities
      • South Africa: ?
  • 32. Thanks, Questions? Komeshni Patrick Komeshni.patrick@endcode.org www.endcode.org