SA Constitution Sec 14 – Privacy – RICA – POPI Sec 32 – Access to Information – PAIA – POPI.



Relevant Legislation: NCA; CPA; ECT Act

KING III 5.5.2 The board should ensure that the company complies with IT laws and that IT related rules, codes and standards are considered. The board should ensure that there are systems in place for the management of information which should include information security, information management and information privacy.

KING III 5.6.2 The board should ensure that all personal information is treated by the company as an important business asset and is identified.

Standards and Codes ISO ISO WASPA Code of Conduct DMA Code of Conduct

NB DEFINITIONS: Personal Information; Process(-ing); Responsible Party; Operator; Data Subject; Consent; Child

8 CORE CONDITIONS: Accountability; Processing Limitation; Specific Purpose; Further Processing Limitation; Information Quality; Security Safeguards; Data Subject Participation

ADDITIONAL CONCERNS: Special Categories of Personal Information; Unsolicited Marketing; Automated Processing; Cross Border Data Transfers; Regulator

CLOUD COMPUTING: Is moving data to the CLOUD a bad thing?

CLOUD COMPUTING: Will my company have continued access to its information or data (backup and disaster recovery measures) irrespective of the information or data’s location?

CLOUD COMPUTING: Can you provide me with assurances that unauthorised access to my company’s information or data is prevented (covers both protection against external “hacking” attacks and access by the cloud provider’s personnel or by other users of the datacentre)?

CLOUD COMPUTING: Do you have adequate oversight of any sub-processors (irrespective of their location) you use or might use and subsequent to that, do you have the necessary agreements and contracts in place to ensure the security of my company’s information or data?

CLOUD COMPUTING: Do you have sufficient procedures in place in the event of a data breach that would enable my company to take the necessary actions in terms of POPI?

CLOUD COMPUTING: Could you provide my company with a guarantee in the contract that it will have the right to remove or transfer its information or data at any time?

© Copyright Francis Cronje All Rights Reserved