mark heyink n.
Skip this Video
Loading SlideShow in 5 Seconds..
MARK HEYINK PowerPoint Presentation
Download Presentation

Loading in 2 Seconds...

play fullscreen
1 / 19

MARK HEYINK - PowerPoint PPT Presentation

  • Uploaded on

MARK HEYINK. Is South Africa ready for POPI?. Date: 22/10 /2013. Protection of Personal Information. Right to be left alone Enshrined in sect 14 of Constitution Balances right of privacy with other rights, in particular access to information Prescribes minimum processing requirements

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'MARK HEYINK' - slade

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
mark heyink


Is South Africa ready for POPI?

Date: 22/10/2013

protection of personal information
Protection of Personal Information
  • Right to be left alone
  • Enshrined in sect 14 of Constitution
  • Balances right of privacy with other rights, in particular access to information
  • Prescribes minimum processing requirements
  • Provides remedies to abuse of PI
  • Protects free flow of information
  • International harmony





Prof. Lawrence Lessig

status of protection of personal information bill
Status of Protection of Personal Information Bill
  • Passed by House of Assembly 20th August
  • President to Assent
  • Transitional Period 1 year
  • Regulator will need to be appointed and established
  • Data Subject= person to whom personal information relates
  • Responsible Party= determines the purpose of and means for processing personal information
  • Operator= processes information on behalf of Responsible Party
  • Personal Information= information relating to an identifiable living natural person or juristic person
  • Processing=widely defined and includes collection, storage, communication, use, alteration and destruction
  • Record=any recorded information regardless of form or medium
application of popia
Application of POPIA
  • General law of application
    • Processing of personal information
    • Non automated if intended for filing system
    • Public and private bodies
  • The responsible party (person who determines purpose and means of processing) must ensure that conditions are complied with
  • Must identify PI being processed and ensure processing is managed appropriately
  • Operators must also be managed
processing limitation
Processing Limitation
  • PI must be processed lawfully and in a reasonable manner that does not infringe privacy of data subject
  • Minimality
    • Adequate, relevant and not excessive
  • Consent, justification and objection
  • Sect 11 justifications
processing limitation1
Processing Limitation
  • Collection directly from data subject
  • Exception
    • public record or deliberately made public by DS
    • no prejudice to DS
    • enforcement of law
    • court proceedings
    • national interest
purpose specification
Purpose Specification
  • Collection for a specific purpose expressly defined
  • Data subject aware of purpose and collection of PI [s 17(2)]
  • Retention for no longer than PI may be required
    • Some exceptions including, required by law and statistical, historical or research purposes
further processing
Further Processing
  • Further Processing must be compatible with purpose for which PI initially collected
  • Sect 15 sets out guidelines which assist responsible party in determining compatibility of purpose
information quality
Information Quality
  • Responsible party must take reasonably practicable steps to ensure information remains complete, accurate, not misleading and is updated where necessary
  • ECTA Chapter 3: Uncitral Model Laws on E Commerce and e Signatures
  • Information Security
  • Openness promotes transparency and fairness
  • Maintain all documentation of processing operations
  • Data subject must be aware:
    • Information collected
    • Identity of Responsible party
    • Purpose of collection
    • Various other protections
  • Compliance not necessary in some instances sect 18(4)
security safeguards
Security Safeguards
  • Responsible party must:
    • secure integrity of personal information
    • Apply GAISP
    • Ensure operators apply GAISP
  • Notification of security breaches
    • Regulator
    • Data subject
data subject participation
Data-subject Participation
  • Data subject has the right to:
    • Access to PI; and
    • To request correction or deletion of PI
  • If responsible party disagrees with correction must still attach information to PI that the data subject has requested correction
  • Provisions of ss 18 and 53 of PAIA apply
information security
Information Security
  • Seeks to safeguard:
    • Confidentiality
    • Integrity
    • Availability
  • Must address
    • Technology
    • Process
    • People
  • MISS???
information officer
Information Officer
  • Statutory Requirement
  • Must be a leader
  • Change of culture
  • Must know the organisation
  • Must understand the law
  • Will work with Regulator
  • PAIA
  • We live in the Information Revolution
  • Dangers abound
  • Law is challenged
  • PPI Bill and Regulator a step in the right direction
  • This is only the first step
  • Education is critical
thank you

The incidents related and examples provided in this presentation are based on fact, only names and dates have been changed to protect innocent (and not so innocent) people involved.

Mark Heyink

Tel 011 454 0449

Fax 011 454 0036

Cell 082 904 3774