The internet and associated information technologies have driven unprecedented innovation, economic value, and access to social services. Many of these benefits are fuelled by data about individuals that flow through complex ecosystems. As a result, individuals may not be fully aware of the potential consequences for their privacy as they interact with systems, products, and services. At the same time, organisations may not realize the full extent of these consequences for individuals, society, or enterprises.
The escalation of security breaches involving personally identifiable information (PII) has contributed to the loss of millions of records over the past few years. Breaches involving PII are hazardous to both individuals and organisations. Individual harms may include identity theft, embarrassment, or blackmail. Organisational harms may include a loss of public trust, legal liability, or remediation costs.
The difference between POPI and POPIA
What is POPI?
POPI stands for Protection of Personal Information. Regardless of whether there is a law or not, organisations should be considering what Personal Information they capture, manage and store, and how best to secure it. It is common sense that this information is sensitive and shouldn't be exposed. One of the principles that we all should consider is "privacy by design". This means that we should consider privacy implications in all our processes and systems and build security and privacy concepts into the day-to-day operation of our organisations. POPI is all about Privacy, and this means security. To secure information, organisations need to clearly understand what information is gathered and kept.
What is POPIA?
POPIA stands for the Protection of Personal Information Act, Act No. 4 of 2013, or POPI Act. This is the new law that most (if not all) organisations will need to follow. Is there a difference between POPI and POPIA? Yes and no. POPI is the act of protecting Personal Information. This implies that all the policies, procedures, processes, and practices in the organisation relating to personal information are in fact doing POPI. You cannot "do" POPIA, as this is merely the name of the law. In summary, to comply with POPIA, you need to implement a POPI programme.
Implications for POPIA
If a South African organisation conducts business with an EU organisation, it needs to understand the implications of the General Data Protection Regulation (GDPR). Any cross-border flow of information to and from the EU should be considered.
The Protection of Personal Information Act (POPIA) gives effect to the constitutional right to privacy, by safeguarding personal information when processed by a responsible party.
The Protection of Personal Information Act (POPIA) makes provision for justifiable limitations, including:
− Balancing the right to privacy against other rights, particularly the right of access to information
− Protecting important interests, including the free flow of information within the Republic and across international borders
POPIA Workshop through MIE
To support POPIA protocols and ensure your teams work toward the same Data Privacy goals, MIE has designed a half-day workshop which will cover the following areas:
− Understanding the importance of information privacy, the level of privacy required for personal information stored and processed by the organization, and your individual privacy responsibilities
− Understanding the extent to which staff demonstrate expected privacy behaviour in line with their individual privacy responsibilities and the level of privacy required for personal information stored and processed by the organization
− Different types of personal information
− How changes in information technology have increased the threats to privacy
− The types of privacy threats that individuals and organizations face
− Key considerations related to web security and mobile app security
− Understanding the nature of privacy threats related to web access and the use of mobile apps
− The design of privacy notices for both the web and mobile app environments
The overall objective of MIE’s POPIA workshop is to develop privacy awareness that permeates all levels of the organization and to promote an effective privacy culture. In addition, it aims to improve an individual’s awareness of today’s most common cybersecurity threats and how to protect themselves and your organization from cyber threats.