320 likes | 618 Views
The Protection of Personal Information Act 2013 Personal Information is your business 25.09.14. KOMESHNI PATRICK TECHNOLOGY LAWYER/DIRECTOR/ENDCODE.ORG. Contents. Definitions Aims Exemptions Key Role Players for POPI 8 Conditions of POPI POPI and Consent POPI and Notification
E N D
The Protection of Personal Information Act 2013Personal Information is your business25.09.14 KOMESHNI PATRICK TECHNOLOGY LAWYER/DIRECTOR/ENDCODE.ORG
Contents • Definitions • Aims • Exemptions • Key Role Players for POPI • 8 Conditions of POPI • POPI and Consent • POPI and Notification • Giving PI Away • POPI for Business • PI & Cybercrime
What is Personal Information (PI)? • Section 1 • Identifiable, living, natural person or identifiable, existing juristic person • Race, sex, gender, name, sexual orientation, age, mental health • Medical, financial, criminal or employment history • E-mail address, physical address, telephone number, location information, online identifier • Biometric information • Personal opinions, views or preferences • Private correspondence • Opinions of another individual about the person • name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person
What is Special Personal Information? • Section 1 • The religious or philosophical beliefs • race or ethnic origin • trade union membership • political persuasion • health or sex life or biometric information of the person • The criminal behaviour of the person to the extent that such information relates to— • The alleged commission by the person of any offence • Any proceedings in respect of any offence allegedly committed by the person or the disposal of such proceedings
What is Processing? • Sections 1 and 4 of POPI • Processing means any activity whether by automatic means or not, concerning personal information, including • The collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; • Dissemination by means of transmission, distribution or making available in any other form; or • Merging, linking, as well as restriction, degradation, erasure or destruction of information; • Processing must be for a defined and legitimate purpose that is clear to the DS from whom you are collecting the PI
The Protection of Personal Information 4 of 2013 (POPI) Aims: • Protection of PI processed by private and public bodies • Minimum requirements for processing of PI • Establishment of Information Regulator • Codes of Conduct • Rights protection against SPAM and automated decision-making • Regulate cross-border flow
Giving Your PI Away Shopping online Subscribing or registering Competitions, prizes, rewards Online games and virtual worlds Social Media Online Browsing Employment Name Surname email address telephone number postal address city Education credit card number ID number physical address
POPI for Business FinancialEducation Transport Gaming Social Media Advertising Music Telecoms Credit Sports Mapping Insurance IT Banking Medical Personal Information is your Business
POPI for Business • Well managed brand • Strengthens the brand • Conveys that the business understands its legal obligations to the client • Builds trust in the brand
POPI for Business • Privacy infringement • Loss of Intellectual Property • Defamation • Loss of sensitive information • Security compromise - issues of national security • Financial loss • POTENTIAL FOR LITIGATION • Brand Damage
PI and Cyber Crime Cybercrime PI
PI & Cybercrime Lloyd’s 2013 Risk Index Report Cyber security has moved from 12th position to 3rd position as a global concern to business. The 2013 Norton Report South Africa has the third highest number of cybercrime victims following Russia and China. PwC’s Global State of Information Security Survey 2014 reported a rise of 25% in security incidents with a 51% rise in spend on security. Overall, this makes up only 4% of the IT spend.
PI & Cybercrime South Africa’s National Cyber Security Policy Framework was passed in March 2012 18 months later Department of Communications appointed the National Cyber Security Advisor in October 2013 Goal co-ordinate government actions on cyber security and ensure co-operation between government, the private sector and civil society on addressing cyber threats
PI & Cybercrime The Electronic Communications and Transactions Act 2002 9 years later No cyber inspectors to enforce cyber security WolfpackInformation Risk’s report – The South African Cyber Threat Barometer 2012/13 no national computer security incident response team no national response team to co-ordinate a cyber defence strategy Annual losses in 3 sectors = R2.65 billion
PI & Cybercrime India Sponsored training for 500 000 “cyber warriors” South Korea 5000 cyber specialists are developed annually United Kingdom 11 centres established for cyber skills development allied to the universities South Africa ?
Komeshni Patrick Thanks, Questions? Komeshni.patrick@endcode.org www.endcode.org