“Who am I?” and “Who Owns my Identity Data?”
The first in a series of articles that I call “POPI on the ground”
Much is being made of the expected final promulgation of The Protection of Personal Information (POPI) Act 4 of 2013 later this year and its impact on business. In partnership with a specialist attorney, we hope to bring some sanity to the situation and provide a real-life, business-focused perspective on how to deal practically with the POPI Act requirements and the related risks that businesses face.
We will also be suggesting some practical on-the-ground implementation methodologies, management control mechanisms, processes and actual applications that will mitigate the risk of non-compliance without unnecessary expenditure.
The next article will be posted at the end of March 2017 and will initially cover some core issues like “What are the core identity issues?”, “Who may hold my data?”, “Who actually owns my data?”, “What may they do with my data?”, “What is privacy?”, “What is personal information?”, “What on earth does this have to do with Business?”, “How do I identify what personal information I have in my organisation?”, “May I have this information?”, “How am I expected to find and protect this personal data?” and many, many more practical guides.
While we will ensure that the legal issues within the POPI Act, as well as the many other pieces of relevant legislation, are the basis of our discussion, the key focus of our efforts will be on what needs to be done on the ground to ensure compliance without the unnecessary hysteria.
Hi Mitch, thank you for your comment. This is exactly why I am doing a series of fundamental articles on this. As I consult to different entities I find so much confusion on these matters. I will be dealing with Privacy, Confidentiality and a range of other key issues one at a time. Look forward to your comments on each.
Senior Data Privacy & Data Security Professional w/ Expertise: Data Security Risk Management | Governance, Risk & Compliance | Enterprise / Security Architecture
8 years
Rule 1. Confidentiality does not equal privacy. Rule 2. An organisation is (hopefully) a trusted CUSTODIAN of PII - Never the owner. So simple in essence, why can nobody understand?