Explorative Analysis of the Implications and Compliance of the Protection of Personal Information (POPI) Act in a Open and Distance Learning (ODL) Institution:


1 Explorative Analysis of the Implications and Compliance of the Protection of Personal Information (POPI) Act in a Open and Distance Learning (ODL) Institution: Are we there Yet? 26 October 2017 Nelson Masindi & Matseliso Palesa Molapo Department of Institutional Research and Business Intelligence

2 Presentation overview
- Objectives
- Background
- What is the POPI Act
- Non-compliance to POPI Act
- Pre POPI Act: Practices of accessing information
- Compliance to the Act
- Institutional Risks of access to personal Information
- Recommendations

3 Objective
- This presentation seeks to explore how the university is faring in implementing the Protection of Personal Information (POPI) Act, with possible recommendations.
- Provide a platform for discussion of how other institutions are doing in implementing the Act.

4 Background
As a public and Open Distance Learning (ODL) institution, the University of South Africa (Unisa) provides access to more than 380,000 students per year who come from diverse backgrounds in Africa and beyond. As a comprehensive distance education institution, its values espouse the values of the Constitution of the Republic of South Africa [4], particularly human integrity, the achievement of equality and social justice (Access to Information Manual 2006). The introduction of the POPI Act has forced universities and similar institutions to reconsider their policies and practices in personal information management and access, and how they have been conducting business.

5 What is the POPI Act
The Protection of Personal Information (POPI) Act was passed in the National Assembly of the Republic of South Africa and enacted on 26 November 2013. Its purpose is to prevent the unauthorised disclosure of personal information. It is there to ensure that all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing anyone’s personal information, by holding them accountable should they abuse or compromise anyone’s personal information in any way.

6 What is the POPI Act
- It is founded on Section 14 of the Constitution of the Republic of South Africa, 1996, which provides that everyone has the right to privacy.
- Academic institutions now have a legal obligation to ensure that the personal information about students and staff is sufficiently managed and protected. They can only disclose this information with the consent of the individuals.
- While the Promotion of Access to Information Act (PAIA) provides for access to information, POPI cautions against dissemination of personal information without the consent of the affected individuals.
- The system of government in South Africa before 27 April 1994, amongst others, resulted in a secretive and unresponsive culture in public and private bodies, which often led to an abuse of power and human rights violations.
- The right of access to any information held by a public or private body may be limited to the extent that the limitations are reasonable and justifiable in an open and democratic society based on human dignity, equality and freedom, as contemplated in section 36 of the Constitution.

7 Non-compliance to POPI?
- Institutions that do not comply with the POPI Act face possible prison terms and fines of up to R10-million, further financial losses due to legal proceedings, and damage to the reputation of the institution.
- The office of the regulator has been established and will be in effect

8 Pre POPI Act: Access to Information
- Internal staff could access information from different points. Although this had some advantage to the University, there were some information security concerns.
- Internal academics and regional centre staff could access personal student information by logging into the systems with their credentials, without any clearance from the department head or managers.
- Although there were concerns about the security and trust risks associated with access to personal student information, there is a Policy on Data Protection, which guides staff and reminds them about their role in the usage of such information.

9 Pre POPI Act: Access to Information
- External requests to access institutional data were handled more carefully and were only processed when the required A form was received and permission was granted by the UNISA legal department to submit the information.
- The information was granted in aggregated format without any personally identifiable features.

10 Institutional Risks of access to personal Information

11 Compliance to the Act
Establishment of the New Directorate: Institutional Information
The role of the Directorate: Institutional Information is to monitor business processes and ensure compliance with the legislation, understanding of the requirements by business owners, and to provide amendments to business processes, thereby enshrining the fundamental rights of privacy within Unisa business practice.
- Perform Personal Information Risk Assessment of Data Subjects
- Implement Safeguards/Action Plans to address risks identified
- Conduct POPI Act Awareness and Training
- Investigation and resolution of reported privacy-related breaches
- Provide advice and guidance on POPI Act related enquiries

12 Requirements to accessing personal Information
Any member of staff who, during the course of their official duties, requires access to personal student information must apply for permission to access. Applications must include the following:
- Reasons why the applicant believes they should have access to “Function 195”.
- A letter of motivation from the line manager (at least at the level of a Deputy Director).
For instance, it is now more complicated for a lecturer to get her/his student information, and it takes much longer, because he/she has to complete a form, motivate for wanting such information, get a signature/approval from the line manager, then send it to the office of the Registrar/Deputy Registrar for approval. If the application is approved

13 Compliance to the Act
The university revoked all staff members’ access to personal student information on what is called “Function 195”. Access is now limited to designated departments managing student and staff data within the university, to protect both the confidentiality and integrity of the information.

14 RECOMMENDATIONS
- Establishing institutional policy/strategy that will govern the implementation of the Act.
- Establishing a central unit for the management of institutional databases.
- Educating and training staff on the ethics of information security.
- Incorporating POPI into the day-to-day operations of an institution.
- Engagement with institutional stakeholders in the implementation of the Act.
- Removal/minimising of unnecessary requirements for personal information on institutional templates.

15 Recommendations
- Minimising/limiting access points of personal information.
- Aligning job function and access to personal information.
- Entering into contractual agreements with service providers to ensure adherence to POPI.
- Destroying used personal data after a period of five years.

16 Recommendations: Central Data/Information Management Unit
- Align job function to information access
- Reduce amount of information collected
- Close many access points of information
- Provide information security awareness training
- Reduce staff access to information
- Contractual agreements ensuring that service providers who process information on behalf of the institution adhere to the POPI Act

17 Are We there Yet?
Is the institution ready for the kick-start of the POPI Act regulatory processes in 2018?
