Why choose the IT Governance Network?

Global leaders in the design and implementation of IT governance frameworks and mechanisms.

More than 10 years' experience in the protection of personal information (POPIA).

Consulting services, software solutions and a wide range of training available.

POPIA Compliance Framework and Monitoring System

The Protection of Personal Information Act is technical and complex; it requires a wide range of technical and organisational measures to be implemented to protect the rights of natural and juristic persons to privacy. To ensure compliance, the Information Regulator requires all organisations to develop and implement a compliance framework so that they can effectively monitor the protection afforded to natural and juristic persons.

A functionally rich POPIA Compliance Framework and Monitoring System helps small and large organisations achieve POPIA compliance effectively and efficiently. It enables organisations to jump-start their POPIA programme by implementing an international standards-based POPIA compliance framework.


POPIA Training

OVERVIEW

The Protection of Personal Information Act requires that responsible parties ensure that any processing of personal information conforms with the eight conditions for the lawful processing of personal information. The processing of human resources (HR) information of job applicants and workers is an area of high risk.

SEMINAR OBJECTIVES

Participants will obtain an understanding of the legislative requirements for the processing of personal information that apply to Human Resource management. On completion of this seminar, participants will be able to:

  • Demonstrate an understanding of the impact of the Protection of Personal Information Act on the processing of HR information.
  • Communicate the key aspects of the Protection of Personal Information Act that impact HR
  • Articulate the HR activities that require attention as a result of the Protection of Personal Information Act
  • Clarify responsibilities of HR personnel involved in the processing of personal information
  • Develop and implement a compliance framework for the protection of personal information in the HR function
  • Perform a privacy impact assessment
  • Develop a privacy plan for HR information
  • Monitor the compliance framework for privacy in HR.

SEMINAR OUTLINE

Participants will learn through discussion and practical examples how to prepare for and address the organisational, procedural, technical and legal requirements of the legislation for the Protection of Personal Information that impact Human Resources.

This seminar includes topics about:

  • Overview and key components of the Protection of Personal Information Act
  • Accountability for the processing of personal information
  • Conditions for lawful processing of personal information
  • Identifying personal information and the category of special personal information
  • HR practices that do not comply with the Protection of Personal Information Act
  • Good privacy practices of the HR staff
  • The development, implementation and monitoring of the HR function's compliance.

Description of the Complying with the Act Course

OVERVIEW

The Protection of Personal Information Act has been finalised. All public and private bodies are required to record their processing of personal information in their PAIA Information Manual prior to actually processing it.

All public and private bodies are required to ensure that the processing of personal information is lawful and that personal information in their possession is always secure. Failure to do so will have serious consequences and may result in criminal proceedings and civil claims for damages.

The Protection of Personal Information Act specifies eight conditions for the lawful processing of personal information. Regardless of whether the organisation is a large corporate, government department, school or research organisation, it will have to ensure that the processing of personal information is lawful and all personal data in its possession is properly acquired, secured and destroyed when obsolete.

SEMINAR OBJECTIVES

Participants will obtain an understanding of the legislative requirements for the processing of personal information. On completion of this seminar, participants will be able to:

  • Demonstrate an understanding of the requirements of the Protection of Personal Information Act
  • Communicate the key aspects of the Protection of Personal Information Act
  • Articulate the activities necessary to address the legal requirements for the Protection of Personal Information
  • Clarify the roles and responsibilities of all parties required to be involved in the protection of personal information
  • Develop a compliance framework for the protection of personal information
  • Update the PAIA information manual
  • Perform a privacy impact assessment
  • Manage the privacy initiative in their organisation.

SEMINAR OUTLINE

Participants will learn through discussion and practical examples how to prepare for and address the organisational, procedural, technical and legal requirements of the legislation for the Protection of Personal Information.

This seminar includes topics about:

  • Overview and key components of the Protection of Personal Information Act
  • Accountability for the processing of personal information
  • Conditions for lawful processing of personal information
  • Identifying personal information and the category of special personal information
  • Processing that is subject to prior authorisations
  • Trans-border exchanges of personal data
  • Developing a Privacy Policy and educating staff
  • Conducting a Privacy Impact Assessment
  • Contracting with Operators and verifying compliance
  • Developing a compliance framework
  • Building capability to manage Privacy
  • Privacy by Design
  • Managing information throughout its life-cycle
  • The responsibilities of the CEO, the appointed “responsible parties” and appointed “information officer”
  • Records to be maintained in the PAIA information manuals regarding the processing of personal information
  • Handling requests for information and complaints from data subjects
  • The role and responsibilities of the Information Officer
  • The role of the Information Regulator
  • Assessments undertaken by the Information Regulator
  • Civil remedies, enforcement and criminal offences
  • The information security requirements
  • The need for records management and a legal register
  • Maintaining the information quality of personal data
  • Avoiding secondary use and unlawful processing
  • Developing an Action Plan to address the requirements for the lawful processing of personal information.

Description of the Role of Information Officers Course

OVERVIEW

The Protection of Personal Information Act requires that the heads of public bodies and CEOs of private bodies register with the Information Regulator the details of the postal and street address, phone and fax number and, if available, electronic mail address of their Information Officers and any Deputy Information Officers so that data subjects and the Information Regulator may contact these individuals regarding access to information and compliance with the conditions for lawful processing of personal information set out in the Protection of Personal Information Act.

The purpose of this seminar is to help Information Officers and Deputy Information Officers understand their role and responsibilities in terms of the Promotion of Access to Information Act (PAIA) and the Protection of Personal Information Act, including the extended duties and responsibilities contained in the Regulations issued by the Information Regulator.

It is the responsibility of the “Information Officer” to encourage the organisation’s responsible parties to process personal information lawfully and in a reasonable manner that does not infringe the constitutional rights of individuals to privacy. Processing of personal information must comply with the eight conditions imposed by the Protection of Personal Information Act. The Information Regulator has extended the responsibilities of the Information Officer to include ensuring a Compliance Framework is developed, implemented and monitored. 

SEMINAR OBJECTIVES

Participants will receive an overview of the POPI Act and obtain a specific understanding of the role and responsibilities of the “Information Officer”.

On completion of this seminar, participants will be able to:

  • Articulate the significance of the Protection of Personal Information Act
  • Demonstrate an understanding of the duties and responsibilities of information officers
  • Describe the role, responsibilities and legal obligations of the responsible parties
  • Describe the roles and the responsibilities of the other parties concerned about the processing of personal information
  • Develop and implement a Compliance Framework
  • Explain the conditions for the lawful processing of personal information
  • Communicate the conditions for lawful processing of personal information contained therein.

SEMINAR OUTLINE

Participants will learn through discussion and practical examples about the role of an Information Officer, the requirements of the Promotion of Access to Information Act and the Protection of Personal Information Act. Participants will discuss the issues that an Information Officer is expected to deal with in the course of discharging his/her responsibilities.

This seminar includes topics about:

  • Registering Information Officers with the Information Regulator
  • The duties and responsibilities of the Information Officer
  • Designation and delegation to Deputy Information Officers
  • Implications of the Companies Act 2008 for Information Officers
  • How to differentiate between personal information, special personal information and other data
  • Important content of the PAIA manual
  • The preparations required prior to updating the PAIA information manual about the processing of personal information
  • PAIA manual exemptions
  • Availability of the PAIA manual
  • Guidance available from the Information Regulator
  • Documentation to be prepared prior to the processing of personal information
  • Processing details to be maintained in the PAIA manual
  • Records available in accordance with other legislation
  • The Conditions for the lawful processing of personal information
  • Implications of the Conditions for lawful processing of personal information for business activities
  • Assistance that can be expected from the Information Regulator
  • Working with the Information Regulator to conduct investigations
  • Dealing with requests from Data Subjects
  • Ensuring compliance with the provisions of the POPI Act
  • Making use of a Compliance Framework
  • Handling requests for access to information
  • Receipt of complaints by information officers
  • Informing information officers prior to pre-investigation procedures
  • Requests to the Regulator by Information Officers to make an Assessment in the manner prescribed of whether the body complies with the provisions of the Act insofar as its policies and procedures are concerned
  • Information Notice served on an Information Officer
  • Enforcement Notice served on an Information Officer
  • Non-compliance with an Enforcement Notice by an information officer
  • Applications to Court regarding decisions of information officers
  • Examples from industry – local and international
  • An Action Plan for Information Officers
  • The job description of an information officer.

Description of the POPI Act Overview Course

This course provides delegates with an overview of the new Protection of Personal Information legislation and the significant obligations placed on those business leaders identified as the “responsible parties” and “information officers”. All public and private bodies will be affected by the requirements of this legislation. Various technical and organisational arrangements will be necessary.

The collection of personal information must be for a specifically defined, lawful purpose related to a function of the responsible party. The processing of data must be for a legitimate purpose. Data subjects must be aware of the collection of the data. Adequate business controls are required to maintain data integrity, and information security must meet international standards. Data must be retained only for as long as necessary and then it must be destroyed.

SEMINAR OBJECTIVES

Participants will obtain an overview of the Protection of Personal Information Act and its implications. On completion of this seminar, participants will be able to: 

  • Articulate the requirements of the Protection of Personal Information Act
  • Demonstrate an understanding of the conditions for the lawful processing of personal information
  • Identify the technical and organisational measures necessary for protecting personal information
  • Describe the various roles and the responsibilities of the personnel who should be concerned about the protection of personal information
  • Identify the effort required to meet the requirements of the Protection of Personal Information Act and the conditions for lawful processing of personal information contained therein.

SEMINAR OUTLINE

Participants will learn through discussion and practical examples how to address the organisational, procedural, technical and legal requirements for the Protection of Personal Information.

This seminar includes topics about:

  • Overview of the legislation for the Protection of Personal Information
  • The duties of the Responsible Party and Information Officer
  • The role of Risk Management and Compliance
  • Working with the Regulator
  • Communicating with data subjects
  • The eight conditions for the lawful processing of personal information
  • How to differentiate between personal and other data
  • How to update the PAIA manual and what records to keep about the processing of personal information
  • Identifying and mitigating privacy related risks
  • Identifying the organisational and technical arrangements necessary for the protection of personal information
  • Controlling the activities of Operators
  • Trans-border exchanges of personal data
  • Building organisational capability to manage Privacy
  • Challenges from the collection, profiling, cross-marketing, unstructured data, third party processing, secondary use.

Description of the Obligations of Responsible Parties Course

OVERVIEW

The Protection of Personal Information Act has been finalised. Heads of public bodies, CEOs of private bodies and the business leaders identified as “responsible parties” who control the purpose and means for processing information are required to ensure compliance with the conditions for the lawful processing of personal information set out in the Act.

Business leaders and information officers who fail to fulfil their obligations defined in this Act may be charged with a criminal offence and face civil claims for damages.

It is the responsibility of the “Responsible Parties” identified by the CEO and listed in the PAIA manual to ensure that personal information is processed lawfully and in a reasonable manner that does not infringe the constitutional rights of individuals to privacy. Processing of personal information must comply with the obligations imposed by law and this processing must be necessary for legitimate interests of the body.

SEMINAR OBJECTIVES

Participants will obtain a general understanding of the legal obligations placed on “Responsible Parties”. On completion of this seminar, participants will be able to:

  • Articulate the requirements of the Protection of Personal Information Act
  • Demonstrate an understanding of the conditions for the lawful processing of personal information
  • Describe the role, responsibilities and legal obligations of the responsible parties
  • Describe the roles and the responsibilities of the other parties concerned about the processing of personal information
  • Communicate the design of a suitable compliance framework
  • Identify the effort required to meet the requirements of the Protection of Personal Information Act and the conditions for lawful processing of personal information contained therein.

SEMINAR OUTLINE

Participants will learn through discussion and practical examples how to prepare for and address the obligations placed on responsible parties by the Protection of Personal Information Act.

This seminar includes topics about:

  • Recording details about Responsible Parties in the PAIA Manual
  • The duties of the Responsible Party
  • Implications of the Companies Act 2008
  • Controlling the activities of Operators
  • How to differentiate between personal and other data
  • The preparations required prior to updating the PAIA information manual about the processing of personal information
  • Mitigating risks
  • Documentation to be prepared prior to the processing of personal information
  • Processing details to be maintained in the PAIA manual
  • Designing a compliance framework
  • Communicating with data subjects
  • Implications of the conditions for lawful processing of personal information for business activities
  • Working with the Information Regulator
  • Working with the Information Officer
  • The role of Risk Management and Compliance
  • Trans-border exchanges of personal data
  • Consequences of failing to comply
  • Challenges – collection, profiling, cross-marketing, unstructured data, third party processing, secondary use
  • Case studies from industry – local and international
  • An Action Plan to fulfil the obligations of Responsible Parties.

Why choose an IT Governance Network course?

The IT Governance Network's trainers have extensive knowledge and experience with the protection of personal information. Some members of staff are active Information Officers for clients and have been advising on the measures necessary to satisfy the requirements of the Protection of Personal Information Act for a number of years. Other staff participated in the Parliamentary discussions that resulted in the legislation.


COURSES

General and specialist courses address various aspects of the lawful processing of personal information. Courses are available in-house, open to the public and online. 

POPI: Complying with the Act

The Protection of Personal Information Act requires all public and private bodies to process personal information in accordance with the conditions for the lawful processing of personal information. In most organisations personal information is ubiquitous and the risk of not processing personal information is high.

This course provides the attendee with an understanding of the key requirements of the Act and a road map to address the requirements and manage the risk.

POPI: Impact on HR 

The processing of personal information within the human resources function presents many challenges for those responsible. Currently the misuse of personal information within HR is widespread, making many organisations vulnerable to complaints from unsuccessful job applicants and employees.

This course includes topics about processing personal information within the human resources function. Practical examples illustrate what is acceptable and what is unlawful.

POPI: Role of Information Officers 

Information officers have a significant role in overseeing the protection of personal information and can be personally liable in some instances where they do not fulfil their responsibilities.

This course will help attendees understand the role and responsibilities of the information officer in encouraging a public or private body to comply with the requirements for the lawful processing of personal information, handle personal information requests and respond to interferences.

POPI: Obligations of Responsible Parties

It is the responsibility of the “Responsible Parties” identified by the CEO and listed in the PAIA manual to ensure that personal information is processed lawfully and in a reasonable manner that does not infringe the constitutional rights of individuals to privacy.

This seminar informs heads of public bodies, CEOs of private bodies and the business leaders identified as “responsible parties” about their role and responsibilities for processing personal information lawfully.

POPI: Security using ISO 27001 

The Protection of Personal Information Act requires all organisations to implement the necessary safeguards to protect personal information according to generally accepted information security practices and procedures.

This course provides attendees with an understanding of the approach required to identify and implement the necessary safeguards to protect the processing of personal information using ISO 27001, the international generally accepted standard for information security.

POPI: Requirements for ERP Systems

Enterprise Resource Planning (ERP) systems process a wide variety of business information, including many types of personal information. ERP systems have many features that can help responsible parties protect personal information. Omitting to use the available features could be a problem when non-compliance is reported to the Information Regulator.

This course provides attendees with an understanding of the privacy-related issues that will need attention in ERP systems.

POPI: Auditing Readiness and the Programme

The Protection of Personal Information Act is technical and complex. It has numerous requirements that impact just about everyone within an organisation, its customers, suppliers and service providers.

This seminar includes topics about:

  • Which aspects of POPI are important to auditors
  • How auditors should plan their approach
  • Conducting an audit of the organisation’s POPI programme.


SCHEDULE

View the latest Protection of Personal Information training schedule on the top menu - SEMINAR SCHEDULE. 

COBIT 5 Assessor mistakes!

Common mistakes by COBIT 5 assessors.


King IV Corporate Governance Assessment

Assess the current level of your organisation's corporate governance using this King IV assessment tool.


COBIT Assessment as a Service

Conduct a COBIT assessment using this COBIT Assessment-as-a-Service.


POPIA Preliminary Assessments

POPIA preliminary assessments provide an efficient and effective approach to determining the extent to which the requirements of the Protection of Personal Information Act have been addressed.

