Welcome all delegates to PoPIA Workshop
Centurion Golf Estate
12 April 2018
Presented by Dr Peter Tobin, CGEIT, PMIITPSA, PMP
POPI Act Compliance for Local Government
Workshop Introduction
• Welcome, introduction to delegates
• Workshop administrative arrangements
• Workshop objectives & agenda
• Review of delegate materials
April 2018 Copyright Dr Peter Tobin, 2018
Workshop Objectives
Demonstrate a clear understanding of
• What you need to do about Protection of Personal Information
• Where Protection of Personal Information rules apply
• Who needs to take action on the POPI Act
• When to take action on Data Privacy & Protection of Personal Information
• How to apply POPI Act compliance in practice
Agenda - Morning session up to tea break
• Topic 1: Workshop Introduction - 08:30 to 08:45
  • Welcome, introduction to delegates
  • Workshop Objectives & Agenda
  • Workshop administrative arrangements & review of delegate materials
• Topic 2: Introduction to the Protection of Personal Information Act (POPIA) - 08:45 to 09:30
  • History and evolution of POPIA legislation in South Africa
  • The 8 conditions of POPIA
  • Other compliance requirements
• Topic 3: Why POPIA matters - 09:30 to 10:15
  • Compliance with laws and regulations
  • Codes of conduct
  • POPIA “Stick & Carrot”
Agenda - Morning session up to lunch
• Topic 4: What you need to do about Data Privacy & POPIA - 10:40 to 11:30
  • What are Data Privacy & POPIA?
  • What is the scope of impact?
  • What action is required?
• Topic 5: Where Data Privacy & POPIA rules apply - 11:30 to 12:15
  • Types of organisation
  • Global geographic context
  • Data and data subjects
Agenda - Afternoon session up to tea break
• Topic 6: Special issues re Data Privacy & POPIA - 13:00 to 13:45
  • Cloud computing
  • Bring Your Own Device
  • Mobile devices
• Topic 7: Practical examples of POPIA non-compliance - 13:45 to 14:45
  • Violation examples presentation
  • Violation examples exercise
  • Violation examples and discussion
Agenda - Afternoon session up to close
• Topic 8: Summative assessment - 15:00 to 15:45
  • 20 question multiple choice assessment
• Workshop closure activities - 15:45 to 16:30
  • Personal action plan
  • Workshop feedback
  • Recognition of achievements
  • Closing ceremony including team and individual photographs
Day closes at 16:30
Review of materials
• Please refer to your workshop materials
Introduction to the Protection of Personal Information Act (POPIA)
• History and evolution of POPIA legislation in South Africa
  • Privacy is addressed in the Constitution of the Republic of South Africa, 1996 - Chapter 2: Bill of Rights, section 14 Privacy
  • Everyone has the right to privacy, which includes the right not to have
    a) their person or home searched;
    b) their property searched;
    c) their possessions seized; or
    d) the privacy of their communications infringed.
• Access to information is addressed in the Constitution of the Republic of South Africa, 1996 - Chapter 2: Bill of Rights, section 32 Access to Information
  • 32. Access to information
  • Everyone has the right of access to
    a) any information held by the state; and
    b) any information that is held by another person and that is required for the exercise or protection of any rights.
• POPIA was a Bill up to November 2013 when it received the assent of the President and appeared in the Government Gazette as Act No. 4 of 2013
• In April 2014 partial commencement of the POPI Act occurred to support the establishment of the Information Regulator South Africa (InfoRegSA)
• The InfoRegSA core team took office in December 2016
• Full commencement of POPIA is expected in 4Q2018
• There will be a 12 month transition period, unless extended by the Minister
• The 8 conditions of POPIA
  • They are modeled on the principles found in the OECD and EU approach
    • Accountability
    • Processing Limitation
    • Purpose Specification
    • Further Processing Limitation
    • Information Quality
    • Openness
    • Security safeguards
    • Data Subject Participation
• Accountability = assigning ownership in your business;
• Processing Limitation = processing information for lawful reasons and in a manner that does not infringe privacy;
• Purpose Specification = only obtaining and holding personal information for a specific purpose;
• Further Processing Limitation = further processing of personal information must be compatible with the purpose for which it was collected;
• Information Quality = information is complete and accurate;
• Openness = being honest about collection and processing;
• Security safeguards = using reasonable technical and organisational measures;
• Data Subject Participation = an individual may request that the information be accessed, deleted or corrected.
• Other compliance requirements
  • Special PI
  • Children
  • Rights of Data Subjects
  • Information Officer Appointment
  • Electronic Direct Marketing
  • Transborder flows
Why POPIA matters
• Compliance with laws and regulations
  • Basic Conditions of Employment Act 75 of 1997
  • Companies Act 71 of 2008
  • Compensation for Occupational Injuries and Diseases Act 130 of 1993
  • Consumer Protection Act 68 of 2008
  • Electronic Communications and Transactions Act 25 of 2005
  • Employment Equity Act 55 of 1998
  • Income Tax Act 58 of 1962
  • Insolvency Act 24 of 1936
  • Labour Relations Act 66 of 1995
  • Occupational Health and Safety Act 85 of 1993
  • Promotion of Access to Information Act 2 of 2000
  • Protection of Personal Information Act 4 of 2013
  • The Regulation of Interception of Communications & Provision of Communication-Related Information Act 70 of 2002
  • Skills Development Levies Act 9 of 1999
  • Unemployment Insurance Act 63 of 2002
  • Value Added Tax Act 89 of 1991
• Codes of conduct
• POPIA “Stick & Carrot”
  • POPIA stick: reactive and based on a negative impact for non-compliance
    • Fines
    • Reputation damage
  • POPIA carrot: proactive and based on a positive impact for compliance
    • Product and service innovation
    • Reputation enhancement
What you need to do about Data Privacy & POPIA
• What are Data Privacy & POPIA?
  • Data privacy
    • Is part of an ethical business approach
    • Requires leadership and accountability
    • Demonstrates integrity
    • Thrives with direction & oversight
  • POPIA
    • Is a specific legal interpretation that looks at personal information only
• What is the scope of impact?
  • POPIA addresses living individuals and juristic entities
  • All organisations that process personal information
  • Exemptions apply
    • Certain activities of the state
    • Journalistic activities
    • International law enforcement
    • Regulator may also exempt for specific reasons
    • Household activities
POPIA Act impact areas
1. Acquisition & disposition to other parties of personal information
2. Appointment of Information Officer
3. Company newsletters, notice boards
4. Company secretary
5. Competitor information
6. Compliance audits
7. Consent records / denial records
8. Contract management / procurement
9. Contractual agreements
10. Creditors
11. Day-to-day email and other communications
12. Debtors
13. Document retention periods
14. General Accounting systems including payroll
15. Government and community relations
16. Human Resources, including induction, training, record keeping
17. Insurance policies
18. Legal affairs
19. Maintenance records
20. Marketing, including implications for documentation and on-line resources
21. Media and public relations
22. Newsletters to subscribers
23. On-site and off-site information storage
24. Other relevant legislation (e.g. CPA, ECTA, LRA, OHSA, SDL, UIA)
25. PAIA Manual
26. Personal information destruction policies and procedures
27. Policy management
28. Privacy Notices
29. Safety and security, including access control
30. Sales, including records management, proposals and contracts
31. Service agreements, in particular IT outsourcing
32. Surveys and competitions
33. Time management systems
34. Web site
• What action is required?
  • A comprehensive review of the current state of compliance
  • This typically reveals one or more gaps between the current and required level of compliance
  • “Reasonable and appropriate” is key
• Board responsibilities
  • Governance starts at board or governing body level
  • Board needs to set direction and provide oversight
  • Looks at risk and value
  • Takes long term, externally oriented view
  • Holds ultimate accountability to external and internal stakeholders
• Executive management responsibilities
  • POPI Act defined Designated Head as accountable through the Promotion of Access to Information Act (PAIA)
  • Accountability for Designated Head (CEO) cannot be delegated in private organisations
  • Accountability can be delegated for public bodies
  • Both public and private bodies may appoint deputies to assist with compliance activities
• Other responsibilities
  • Multiple roles can be defined both inside and outside the organisation, e.g.
    • Internal and External Audit
    • Information and Record Owners
    • Service providers & Operators
    • Employees
Step 1: Initiate
• Set yourself up for success by formalising your compliance activities
• Establish a compliance preparation project
• Ensure you have proper authorisation and funding: we recommend a project charter is drawn up and approved by the project sponsor
• Update and sign the Project Charter
• Update and sign the Information Officer and Deputy Information Officer appointment letters
• Develop a preliminary plan of action
• Ensure you identify and engage your stakeholders
Step 2: Assess
• Develop a solid business case based on impact area identification, costs and benefits of your compliance preparation project (optional)
• Complete a structured compliance assessment in terms of the requirements in the POPI Act
• Use the IACT-Africa Compliance Assessment Tools to discover areas for remediation to address the requirements of the POPI Act; this can include up to 17 assessments and hundreds of assessment questions depending on what is reasonable and appropriate
• Document the assessments completed
Step 3: Consider
• In light of the Step 2 assessments, consider the areas that require remedial action to achieve an acceptable level of risk in terms of achieving compliance
• Consider what process, procedural, documentation, technical and contractual changes need to be made
• Consider the entire Personal Information (PI) life cycle from acquisition through ultimate disposal
• Consider all the organizational and technical factors for success (e.g. HR, IT, processes)
• Obtain approval for a plan to achieve the required level of compliance
Step 4: Translate
• Translate your plans into action, with clearly defined objectives and milestones to achievement
• Translate the conditions for lawful processing into specific evidence of your remediation plan taking effect
• Translate your short term compliance preparation project into a long term compliance commitment
• Translate the cost of compliance into the benefits of compliance
Where Data Privacy & POPIA rules apply
• Types of organisation
  • No organisation is exempt
    • Regardless of size
    • Regardless of ownership structure
    • Regardless of sector
  • Certain exemptions apply as previously discussed
• Global geographic context
  • Global and regional initiatives have been underway for some years
  • Key for SA is the status of our trading partners
  • Biggest impact is likely to be from the EU General Data Protection Regulation
• Regional geographic context
  • Some countries on the continent are more advanced than South Africa, e.g. Ghana, Tunisia, Mauritius
  • There are multiple regional initiatives
    • SADC
    • ECOWAS
    • East Africa
    • AU
• Regional - Privacy laws in Africa
• POPI Act role definitions
  • Data subject: Living individual or juristic entity from whom PI is collected or about whom PI is processed
  • Responsible Party: Organisation or individual processing the PI
  • Operator: Service provider processing on behalf of the Responsible Party
• Data and data subjects
  • Data: Personal information is broadly defined and includes information about, or leading to, a data subject
  • Data includes “Special” personal information of a more sensitive kind, e.g. medical & criminal
  • Data subjects: Living individual or juristic entity
  • Data subjects include customers, suppliers, employees, other stakeholders; citizens; companies; government entities
The POPI Act: 50 types of PI
The POPI Act: 20 record types
The POPI Act: Processing types
Special issues re Data Privacy & POPIA
Cloud computing
• Transborder refers to PI leaving South Africa
• There are no restrictions on PI entering South Africa
• Transborder PI restrictions are intended to protect PI in other jurisdictions
• This protection can be achieved through various means
• Proof of adequate protection
• Contracts (binding agreement)
• Binding Corporate Rules
Special issues re Data Privacy & POPIA
Cloud computing
• Cloud computing carries specific risks that differ from those of on-site management of PI
• Multiple standards and frameworks exist e.g.
• ISO
• COBIT®5 Security
• ENISA
• CSA
• NIST
Special issues re Data Privacy & POPIA
Bring Your Own Device
• Ownership of the device does not alter the need to protect the data
subject PI
• BYOD should be included as part of an overall risk assessment
• BYOD can be addressed by a combination of organisational (e.g. policies,
training, monitoring & oversight) and technical (e.g. electronic measures)
remediation steps
Special issues re Data Privacy & POPIA
Mobile devices
• Should be included as part of an overall risk assessment
• Represent a potentially high level of probability of loss or compromise
• Represent a potentially high level of impact if compromised
• Some devices could be eliminated (e.g. USB sticks)
• Adequate protections would include encryption and other mobile device
management methods
Practical examples of POPIA non-compliance
Violation examples presentation
Practical examples of POPIA non-compliance
UK Regulator incident report Oct-Dec 2015
Loss or theft of paperwork: 70
Data posted or faxed to incorrect recipient: 83
Data sent by email to incorrect recipient: 88
Insecure webpage (including hacking): 59
Loss or theft of unencrypted device: 30
Insecure disposal of paperwork: 15
Failure to redact data: 13
Information uploaded to webpage: 10
Verbal disclosure: 3
Insecure disposal of hardware: 2
Other principle 7 failure (security incident): 124
TOTAL: 497
Practical examples of POPIA non-compliance
Open computer data breach
Incorrect addressee data breach
Incorrect attachment data breach
Inaccurate addressee data breach
Disclosure of PI data breach
Sticky notes with PI data breach
Confidential documents data breach
Waste / recycle bin data breach
Smartphone unsecured data breach
Lost keys data breach
Lost digital items data breach
Open file data breach
USB data breach
Unsecured access card data breach
Forgotten printer document data breach
Forgotten PI on the whiteboard data breach
Practical examples of POPIA non-compliance
OK, now the real test……
• On the next slide you will see a number of possible data privacy violations
• Work with your partner to see how many you can identify
• Use your answer sheet to capture your observations
• CLUE: there are more than 15 violations to find
© John Cato & Dr Peter Tobin, 2016. All rights reserved
Practical examples of POPIA non-compliance
Violation examples exercise
Practical examples of POPIA non-compliance
Violation examples and discussion
Practical examples of POPIA non-compliance
Global
• There are too many examples of failures to manage data privacy to mention
them all here
• Key examples well documented include
• Yahoo
• Talk Talk
Practical examples of POPIA non-compliance
Yahoo boss Marissa Mayer loses out on millions in bonuses over hacks
• An internal probe found that executives at the firm reacted too slowly after
discovering evidence of a security breach in 2014
• Security breaches at the internet giant exposed the personal information of
more than a billion users
• Yahoo! is taking a $350 million hit on its previously announced $4.8 billion sale to Verizon in a concession for security lapses that exposed personal information stored in more than 1 billion Yahoo! user accounts
Source: news.sky.com 2 March 2017
Practical examples of POPIA non-compliance
The indictment charges two officers of the FSB, Russia's Federal Security Service, and two hackers who allegedly worked hand-in-hand with them to crack 500 million Yahoo user accounts… The Russian government had no official comment on the charges in the Yahoo case.
Source: Reuters, 16 March 2017
Practical examples of POPIA non-compliance
National
• Several well publicized cases of data loss e.g.
• Theft of passports and visa from UK High Commission
• Theft of laptops from Office of Chief Justice
• Theft of laptops from SABC parliament precinct office
• Suspected many more go unreported at present
Practical examples of POPIA non-compliance
Would you trust this person with your information?
“Chief Justice Mogoeng Mogoeng’s offices burgled”
Luckily, this is not his office!
Practical examples of POPIA non-compliance
Chief Justice Mogoeng Mogoeng’s offices burgled
“Fifteen computers in the human resources unit which contained important information about judges in the country, officials in the office of the chief justice, the Constitutional Court, high courts, Supreme Court of Appeal and other specialists courts were stolen.”
Points to ponder
• Risk assessment?
• Security policy?
• Security measures in place?
• Training?
• Threat monitoring?
• Data recovery?
• Data loss management?
Source: http://citizen.co.za/news/news-national/1461845/chief-justice-mogoeng-mogoengs-offices-burgled/
Agenda - Afternoon session up to close
• Topic 8: Summative assessment - 15:00 to 15:45
• 20 question multiple choice assessment
• Workshop closure activities - 15:45 to 16:30
• Personal action plan
• Workshop feedback
• Recognition of achievements
• Closing ceremony including team and individual photographs
Day closes at 16:30
Workshop assessment
• This is an individual assessment
• There are 20 multiple-choice questions
• 1 point for correct answers
• 0 points for blank or incorrect
• Good luck… you need to be quick, as the questions will not be shown for long and there are no second views!
Workshop closure activities
• Personal action plan
• Workshop feedback
• Recognition of achievements
• Closing ceremony including team and individual photographs
Workshop close and next steps
• Please discuss with your neighbour your key learning points
• Start to make POPI Act compliance part of the way you work
• For more information about the POPI Act please visit http://smetoolkit.businesspartners.co.za/en/legalinsurance/compliance-popi
• Thank you for your attendance
Workshop closure activities
A Moment (or two) of reflection
• What were my most significant learning opportunities from the workshop?
• What did I already know that was reinforced by what I heard and saw?
Workshop closure activities
A Moment (or two) of reflection
• What previously held assumptions and beliefs were overturned?
• What stimulated me most?
Workshop closure activities
Action Items List
• Top 3 things to STOP doing
• Top 3 things to START doing
• Top 3 things to CONTINUE doing
Workshop closure activities
Personal Action Plan
• Within 5 days I will:
• Within 20 days I will:
Workshop closure activities
Workshop feedback
• Please complete the workshop feedback form to enable us to learn from
your experience
• We value your feedback which will be taken into account when planning
future programmes.
Workshop closure activities
Awards and recognition
Workshop closure activities
THANK YOU FOR YOUR PARTICIPATION
PLEASE TRAVEL HOME SAFELY