By: Ms Peterlia Ramutsheli

Institute of Municipal Finance Officers & Related Professions
Presentation transcript:

The impact of Protection of Personal Information (POPI) Act on the Role of Internal Auditors @ Audit and Risk Indaba 2017
By: Ms Peterlia Ramutsheli (072 957 2978)

Who is Bono Skills Development?
- Formal Classroom Training
- PSETA and LGSETA Accredited Training Provider
- On-the-job Training

Table of Contents
- What is POPI Act?
- POPI Act Background
- What is personal information?
- Why is POPI Act important?
- Areas affected by POPI Act
- Risks facing organisations if there is non-compliance with POPI Act
- How are Internal Auditors impacted?
- A road to becoming POPI Compliant

What is POPI Act?
The POPI Act is South Africa’s primary legislation dealing with the processing of personal information. The POPI Act was signed into law by the President of South Africa on 19 November 2013.

POPI Act Background
- The right to privacy, as enshrined in Section 14 of the Constitution of the Republic of South Africa, must be respected or adhered to at all times.
- The right to privacy is a fundamental human right in the Constitution.
- Therefore, the use of personal information must be done lawfully and must not infringe the individual’s right to privacy.

POPI Act Background
The President has appointed Adv Ntlakula to be the Information Regulator and she commenced duty on 01 December 2016. Her mandate will be to monitor compliance with the requirements of the POPI Act.

POPI Act Background
Organisations will have only 1 year to get their processes and systems aligned with the conditions of the POPI Act. Therefore, organisations need to start converting their processes and systems NOW in preparation for compliance with the requirements of the POPI Act.

What is Personal Information?
Personal information means information relating to an identifiable, living natural person, and where it is applicable, existing juristic person, including, but not limited to: Trade union, Disability, Physical Address, Race, Criminal, Gender, Name, Religion, Marital Status, Contact Details, Financial, Political Persuasion, Age, Personal Opinions, Biometric information, Employment History, Medical, Education.

Why is POPI Act important? (1) Economic Benefit
- South Africa has many bilateral and multilateral agreements with various countries, which are good for growing our economy.
- However, some countries do not want to associate themselves with countries which do not have adequate data protection laws in place. Hence South Africa had to align itself, through the POPI Act, with international data protection best practices such as the European Union (EU) Data Protection Directive.

Why is POPI Act important? (2) Protect People’s Constitutional Right to Privacy
- South Africans are going through excessive abuse and harassment in the form of SMSes, emails and calls selling various goods and services without their consent.
- Fraudsters steal/fake people’s documents and execute financial transactions. The sad part is that employers become part of this crime by confirming employment without the relevant employees’ knowledge/consent.

Why was POPI Act introduced?
- The POPI Act seeks to balance the legitimate needs of organisations with the constitutional right to privacy of the individuals whose personal information is being used by those organisations.
- The POPI Act says that as organisations use the personal information of their data subjects to do their normal business, they should not abuse such information or use it unlawfully to infringe their privacy.

Areas affected by POPI Act

Risks facing organisations if there is non-compliance with POPI Act
If organisations fail to comply with the POPI requirements, this may give rise to serious risks such as:
- Administrative fines such as those prescribed by the POPI Act, i.e. fines of up to R10 million and/or up to 10 years’ imprisonment for responsible officials

Risks facing organisations if there is non-compliance with POPI Act
- Failure to attract new donors or withdrawals by the current ones
- Retaliation by affected Data Subjects using available internet consumer sites and social media
- Reputational harm to the organisation

How are Internal Auditors impacted?
- The POPI conditions introduce new ways in which organisations should collect, share, store, archive, retain and destroy the personal information of their Data Subjects, and this poses a new category of risks called personal information protection risks.
- Therefore, Internal Auditors, as the Business Advisors, should advise organisations to amend their processes and systems to align with the conditions of the POPI Act so that the above risks are mitigated.

How are Internal Auditors impacted?
But how should Internal Auditors provide this advice to the organisation’s Management?

How are Internal Auditors impacted?
Internal Auditors should advise Management through:
- Identifying the personal information protection risks during the planning of their audits
- Incorporating audit procedures which will test the POPI compliance conditions
- Making relevant recommendations which will enable organisations to move towards being POPI Compliant

How are Internal Auditors impacted?
To advise Management adequately and effectively, Internal Auditors will need to have a detailed knowledge of:
- The conditions of the POPI Act and what they mean to the organisation’s operations
- What approaches, from start to end, should be applied by the organisation to convert its processes and systems to align fully with the conditions of the Act

How are Internal Auditors impacted?
This knowledge will enable YOU to make informed and correct recommendations in your audit reports and, above all, it will help you to remain RELEVANT within the organisation.

A road to becoming POPI Compliant?
To be POPI Compliant, an organisation would need to:
- Make all employees aware of the conditions and requirements of the POPI Act through awareness and training, as this will enhance compliance
- Have the Internal Audit Department conduct a POPI Readiness Review to identify the organisation’s current state of compliance with the Act and know which areas require attention

A road to becoming POPI Compliant?
- Develop a POPI Implementation Plan based on the action plans highlighted in the POPI Readiness Review Report
- Implement the action plans outlined in the POPI Implementation Plan to move the organisation into being fully POPI Compliant, i.e. convert processes and systems to comply with the POPI Act

A road to becoming POPI Compliant?
Bono Skills Development specializes in rendering all the services described under paragraphs 1-4 above. We provide customized training which would assist your organisation to have a detailed knowledge of:
- The conditions and requirements of the POPI Act and how they affect the organisation’s operations
- What process should be followed by the organisation from start to end to implement the conditions of the POPI Act

Our customised training is delivered through 3 PHASES
- Conduct Needs Analysis
- Develop and Deliver Suitable Training Course
- Conduct Training Impact Assessment

In Conclusion… Protection of personal information isn’t a choice… It is the law and … we are all affected

Appreciation
- For Listening
- For Your Time
Thank You