COR Concepts
Information Governance
A framework for meeting requirements of the Protection of Personal Information Act
Paul Mullon 0832736087 paulm@corconcepts.co.za
Agenda
• POPI in context
• Overview of Information Governance (IG)
• Integrated IG
• IG Considerations
• Protection of information
POPI Summary
Refresh: Information must be:
• obtained fairly and lawfully;
• used only for the specified purpose for which it was originally obtained;
• adequate, relevant and not excessive to purpose;
• accurate and up to date;
• accessible to the subject;
• kept secure;
• destroyed after its purpose is completed.
Forms of information and POPIA considerations
• All content regarding the individual must be identifiable
• Information must be deleted once the purpose for which it was gathered is over
• The client must be informed why the information is being captured, and how it will be used.
Forms of information: POPIA considerations
Data, images and documents/records: Protection of Personal Information – all must be managed consistently.
Formats for Information Governance
• Data Governance
• Born digital documents
  – Should they be printed?
  – Legal principles
  – The role of signatures
• Conversion of paper to electronic
  – When to scan
  – What to scan
  – Scan and destroy
  – The use of e-forms for data capture
• Are digital documents foolproof?
  – PDF (PDF/A)
  – Microsoft Word
Personal Information (PI) + IG Actions: consolidated view
The 10Ps of PI
1. Plan
2. Participation (+ Governance structures)
3. Probe (understand your information)
4. Policy (+ Procedures & Practices)
5. People (educated and aware)
6. Processes
7. Protect
8. Purge
9. Programmes (Systems)
10. Perfect
Plan: The process
Diagram: Drivers (Legislation; Cost pressures; Customer service; Operational efficiency) – Strategy – Policies, procedures, processes – LOB, EDRMS & other technology (Paper; DMS; Imaging; Elec. Records Mgmt; E-mail)
Participation: Governance and Control
Steering Committee (multi-disciplinary)
• IT
• Operational Divisions
• Group Support Services
• Legal
• Compliance
• Risk
• Records Management
Working Groups
• IT
• Operational Divisions
• Group Support Services
• Records Management
The purpose of these teams is to ensure that the necessary governance instruments are in place, maintained, reviewed and refined as appropriate.
Governance Inter-relationships
Diagram: Steering Committee – Working Group – Center of Excellence – proposed implementation project teams – Policies, Procedures and Group standards
Probe – understanding your information
Attributes to record for each information type:
• Reference
• Description
• Retention period
• Retention trigger
• Personal Information?
• Originating process
• Other processes
• Formats – paper, electronic, data
• Scan and destroy
• Sensitivity classification
• Index fields
• Naming convention
• Custodian
• Stewards
• Owner
• Applicable legislation
• Which systems
• Business Units
• Extracted to other systems
• Summarised in reports
• …
Integrated classification systems
1. Managing Human Resources
  1.1 Determining Allowances
  1.2 Establishing Conditions of Employment
    1.2.1 Appointments
    1.2.2 Apprenticeships
    1.2.3 Childcare
    1.2.4 Flexible work arrangements
  1.3 Calculating Leave
    1.3.1 Accrual
    1.3.2 Entitlements
    1.3.3 Holidays
  1.4 Recruiting Employees
  1.5 Determining Salaries
    1.5.1 Deductions
    1.5.2 Overtime
    1.5.3 Remuneration
    1.5.4 Superannuation
Applies to: paper classification, electronic classification, e-mail classification.
Don’t ignore metadata. Build business rules into systems.
Key considerations
• POPI and IG are business issues
• A multi-disciplinary approach is needed
• Be practical
• Look for process integration and improvement opportunities
Plan: nature of information; formats
Probe: location; usage
Process: other processes; discovery
Purge: all versions; documented
Policy
• Policies + Procedures + Processes + Practices
• Integrated policy framework
• Enforceable, monitored, enforced
At some stage we have to trust people. Be prepared to monitor. Be prepared to enforce.
Protect: Information Security
• Kept secure (in all formats)
• Physical and digital security
• Encryption
• Removable media
• Confidential destruction
• Kept complete
• Discoverable
• Records Holds
• Audit trails
Purge
• An opportunity to:
  – Conduct data cleansing and normalisation
  – Identify and improve redundant processes or steps
  – Remove the rubbish:
    • duplicates
    • “non-records”
    • past-due records
Programmes: Enterprise Content Management (ECM)
Source: AIIM
Diagram – What is Content? Is it PI? Content types: print output, e-mail, web pages, enterprise applications (invoices, statements, etc.), paper documents & files, electronic documents, metadata, fax, forms, photos, graphics, video. ECM capabilities: collaborate; create, access and manage; search; secure; archiving; lifecycle management; structured and unstructured; enterprise wide.
Processes: flows of information
• Internally or externally generated
• Value determination: is it a record, or a document, is it PI, or all of the above?
• Why must it be kept? What must be kept? Who must keep it?
Information processes
Diagram – lifecycle: info creation (versions v0.1, v0.2, v0.3, V0.4, V1.0) – declared as record or information asset – formal repository – disposed; information is also re-purposed, summarised, and used for analytics and reporting.
• Who creates or receives it? What format is it in? Should it be converted? Where is it? Where can it be stored? Which processes require it?
• What rules are in place? Who creates them? How are they implemented in systems? What intervention must users take?
• Where must they be stored? When? How? By whom?
Programmes: Architecture
Diagram – components:
• Line of Business Applications / Business Systems (Procurement, Finance, Plant, HR, ICT, QMS)
• Capture: production scanning; large format scanning; ad hoc & reference copy scanning; multi-function devices; stand-alone scanners
• Document repositories: basic content services; intranet, collaboration and document management; cross-system search; document creation & retrieval; audio-visual; shared drives; repository
• Records Management: retention; access; file plan/classification; paper records management
• Archiving: documents; records; databases; e-mail
• Duplicate systems – migrate
IG – What is it?
• “the specification of decision rights and an accountability framework to encourage desirable behaviour in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals”
Source: Gartner
IG is broader than POPI. IG spans multiple domains.
Typical drivers/domains
• Corporate Governance (King III)
• Data Privacy (POPI)
• Other legislation (FICA, Companies Act, ECT)
• Information security
• IT Governance
• Records Management
• Master Data Management (Governance & quality)
• Quality (ISO 9001 and SHEQ)
Integrated Information Governance
Key Success Factors
• Executive Buy-In
• Aligned to Corporate Goals
• Integrated approach
• Change Management
• Stakeholder inclusion
Common Features
• Governance Structures
• Strategy
• Policies
• Procedures
• Standards
• Metrics
• Reviews
• Benchmarked
Principles
• Accountability
• Integrity
• Protection
• Compliance
• Retention
• Disposition
• Transparency
• Availability
Domains
• Corporate Governance
• Records Management
• IT Governance
• Data Privacy
• Knowledge Management
• Master Data Management
• Information Security
• Information Risk
Information life cycle
Principles (GARP – Generally Accepted Recordkeeping Principles)
Principle of Accountability
• An organization shall assign a senior executive who will oversee the IG program and delegate program responsibility to appropriate individuals, adopt policies and procedures to guide personnel, and ensure program auditability.
Principle of Integrity
• An IG program shall be constructed so the records and information generated or managed by or for the organization have a reasonable and suitable guarantee of authenticity and reliability.
Source: ARMA
The GARP Principles
Principle of Protection
• An IG program shall be constructed to ensure a reasonable level of protection to records and information that are private, confidential, privileged, secret, or essential to business continuity.
Principle of Compliance
• The IG program shall be constructed to comply with applicable laws and other binding authorities, as well as the organization’s policies.
The GARP Principles
Principle of Availability
• An organization shall maintain information in a manner that ensures timely, efficient, and accurate retrieval of needed information.
Principle of Retention
• An organization shall maintain its records and information for an appropriate time, taking into account legal, regulatory, fiscal, operational, and historical requirements.
The GARP Principles
Principle of Disposition
• An organization shall provide secure and appropriate disposition for records and information that are no longer required to be maintained by applicable laws and the organization’s policies.
Principle of Transparency
• The processes and activities of an organization’s IG program shall be documented in an understandable manner and be available to all personnel and appropriate interested parties.
Accountability
• The senior executive in charge should establish a method to design and implement a structure to support the IG program.
• Governance structure should be established for program development and implementation.
• Necessary components include an accountable person and a developed program.
• An IG program should have documented and approved policies and procedures to guide its implementation.
• Auditability enables the program to validate its mission and be updated as appropriate.
Integrity
• Correctness of and adherence to the policies and procedures of the organization
• Reliability of the information management training and direction given to the employees who interact with all systems
• Reliability of the records and information created
• An acceptable audit trail
• Reliability of the systems that control the recordkeeping, including hardware, network infrastructure, and software
Protection
• Information audit determines the records and information and the required protection
• Implementation of appropriate controls throughout the lifecycle
• Systems to have adequate controls
• Physical and system controls
• Vetting of staff
• E-mail and removable media controls
• Implementing sensitivity classification
Compliance
1. The IG system must contain information showing that the organization’s activities are conducted in a lawful manner.
2. The IG system is itself subject to legal requirements such as requirements to maintain tax or other records and information.
  – Know what information must be entered into its records to demonstrate that its activities are being conducted in a lawful manner
  – Enter that information into its records in the manner prescribed by law
  – Maintain its records in the manner and for the time prescribed by law
Availability
Organizations must have the ability to identify, locate, and retrieve the records and related information required to support their ongoing business activities. These records are used by:
• Individuals and groups to reference, share, and support their work
• Legal and compliance for discovery and regulatory review purposes
• Numerous corporate functions to validate management decisions and account for the resources of the organization.
Retention
Implement retention periods, including requirements for:
• Legal and regulatory
• Fiscal
• Operational
• Historical
Disposition
• At the completion of the retention period for an organization’s records, the records must be designated for disposition.
• Transfer or destruction
• Implement records holds
• Formal approval and documentation of all disposition activities
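The Probe slide lists the attributes to record for each information type (retention period, retention trigger, whether it is personal information, sensitivity classification, formats, owner), and the Retention and Disposition slides say what is done with them: compute when retention lapses, let a records hold override disposition, and document a formally approved disposition action. The following script is an added illustration of that check, written for this page; it is not code from the presentation or from COR Concepts. The inventory and hold records are constructed samples, and the status strings, the `RecordsHold` model, the approver parameter and the "confidential destruction for PI or confidential material" rule are assumptions made for the example.

```python
"""Added example: retention / disposition check over a 'Probe'-style inventory.
Constructed for illustration; field names follow the Probe slide, everything
else (status strings, hold model, approver, destruction rule) is assumed."""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class InventoryEntry:
    reference: str
    description: str
    retention_years: int
    retention_trigger: str          # event that starts the clock, e.g. "contract end"
    trigger_date: Optional[date]    # None while the trigger event has not happened
    personal_information: bool
    sensitivity: str                # e.g. "internal", "confidential"
    formats: tuple                  # e.g. ("paper", "electronic")
    owner: str


@dataclass
class RecordsHold:
    reference: str                  # inventory reference the hold applies to
    reason: str
    released: Optional[date] = None # None while the hold is still active


def retention_expiry(entry: InventoryEntry) -> Optional[date]:
    """Date on which the retention period ends, or None if the trigger has not fired."""
    t = entry.trigger_date
    if t is None:
        return None
    try:
        return t.replace(year=t.year + entry.retention_years)
    except ValueError:  # trigger fell on 29 February and the expiry year is not a leap year
        return t.replace(year=t.year + entry.retention_years, day=28)


def active_holds(entry, holds, today):
    """Holds on this entry that have not been released as of 'today'."""
    return [h for h in holds
            if h.reference == entry.reference and (h.released is None or h.released > today)]


def disposition_status(entry, holds, today) -> str:
    """Retain, retain because of a hold, or flag the entry for disposition."""
    expiry = retention_expiry(entry)
    if expiry is None:
        return "retain: trigger not fired"
    if today < expiry:
        return "retain"
    if active_holds(entry, holds, today):
        return "on hold"            # retention lapsed, but a records hold overrides disposition
    return "eligible"


def disposition_register(entries, holds, today, approver) -> list:
    """Documented, approved disposition actions for every eligible entry (assumed layout)."""
    register = []
    for e in entries:
        if disposition_status(e, holds, today) != "eligible":
            continue
        # Assumed rule: PI and confidential material go through confidential destruction
        action = ("confidential destruction"
                  if e.personal_information or e.sensitivity == "confidential"
                  else "destruction")
        register.append({
            "reference": e.reference, "description": e.description,
            "expiry": retention_expiry(e).isoformat(), "formats": list(e.formats),
            "action": action, "owner": e.owner,
            "approved_by": approver, "approved_on": today.isoformat(),
        })
    return register


# Constructed sample inventory and holds (not real records)
TODAY = date(2024, 5, 1)
SAMPLE_ENTRIES = [
    InventoryEntry("HR-001", "Personnel file", 5, "employment end", date(2015, 6, 30),
                   True, "confidential", ("paper", "electronic"), "HR"),
    InventoryEntry("FIN-002", "Supplier invoices", 5, "financial year end", date(2018, 2, 28),
                   False, "internal", ("electronic",), "Finance"),
    InventoryEntry("CRM-003", "Customer contact details", 3, "account closure", None,
                   True, "confidential", ("data",), "Sales"),
    InventoryEntry("MKT-004", "Campaign mailing list", 3, "campaign end", date(2022, 1, 1),
                   True, "internal", ("data",), "Marketing"),
    InventoryEntry("HR-005", "Leave applications", 3, "leave year end", date(2020, 2, 29),
                   True, "internal", ("electronic",), "HR"),
]
SAMPLE_HOLDS = [
    RecordsHold("HR-001", "litigation hold (constructed)"),                       # still active
    RecordsHold("FIN-002", "audit query (constructed)", released=date(2023, 12, 1)),
]

if __name__ == "__main__":
    for e in SAMPLE_ENTRIES:
        print(e.reference, "->", disposition_status(e, SAMPLE_HOLDS, TODAY))
    for row in disposition_register(SAMPLE_ENTRIES, SAMPLE_HOLDS, TODAY, "Records Manager"):
        print(row)
```

Run as a script it prints one status per inventory entry and then the register rows. Two details carry the slides' points: a lapsed retention period alone does not make a record disposable while a hold is active, and entries whose retention trigger has not fired (the customer contact details) are kept regardless of how old they are, which is why the trigger, not the creation date, belongs in the inventory.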
Transparency
Records documenting the IG programme must:
• Document the principles and processes that govern the programme
• Accurately and completely record the activities undertaken to implement the programme
• Be written or recorded in a manner that clearly sets forth the information recorded
• Be readily available to legitimately interested parties
Conclusion: Benefiting from POPI + IG
• Don’t treat it as a compliance initiative
• Seek benefits from understanding your information and revising processes
• Use it as a catalyst to implement sound Information Governance
• Information Governance is a programme, a journey.

Contenu connexe

Tendances

Intercity technology - GDPR your training toolkit
Intercity technology - GDPR your training toolkitIntercity technology - GDPR your training toolkit
Intercity technology - GDPR your training toolkit
joshquarrie
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...
Werksmans Attorneys
 

Tendances (20)

POPI
POPI POPI
POPI
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 
Intercity technology - GDPR your training toolkit
Intercity technology - GDPR your training toolkitIntercity technology - GDPR your training toolkit
Intercity technology - GDPR your training toolkit
 
Popi act presentation
Popi act presentationPopi act presentation
Popi act presentation
 
Personal Data Protection Law
Personal Data Protection LawPersonal Data Protection Law
Personal Data Protection Law
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
 
Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Data Protection (Download for slideshow)
Data Protection (Download for slideshow)
 
EU GDPR (training)
EU GDPR (training)  EU GDPR (training)
EU GDPR (training)
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
 
Data Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive dataData Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive data
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...
 
An Introduction to Data Protection (London) - June 2015
An Introduction to Data Protection (London) - June 2015An Introduction to Data Protection (London) - June 2015
An Introduction to Data Protection (London) - June 2015
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR Overview
 
Uchi data local presentation 2020
Uchi data local presentation 2020Uchi data local presentation 2020
Uchi data local presentation 2020
 
Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...
 
GDPR and EA Commissioning a web site part 2 - Legal Environment
GDPR and EA Commissioning a web site part 2 - Legal EnvironmentGDPR and EA Commissioning a web site part 2 - Legal Environment
GDPR and EA Commissioning a web site part 2 - Legal Environment
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacy
 
Data protection and privacy framework in the design of learning analytics sys...
Data protection and privacy framework in the design of learning analytics sys...Data protection and privacy framework in the design of learning analytics sys...
Data protection and privacy framework in the design of learning analytics sys...
 

Similaire à Cor concepts information governance-protection-of-personal-information-act-popi

Information governance process & technology
Information governance process & technologyInformation governance process & technology
Information governance process & technology
GNetadmin
 
Governance and management of IT.pptx
Governance and management of IT.pptxGovernance and management of IT.pptx
Governance and management of IT.pptx
Prashant Singh
 
15. Brian Bailey presentation 2 DQ Asia Pacific 2010
15. Brian Bailey presentation 2 DQ Asia Pacific 201015. Brian Bailey presentation 2 DQ Asia Pacific 2010
15. Brian Bailey presentation 2 DQ Asia Pacific 2010
Brian Bailey
 
Digital Records Management & Preservation
Digital Records Management & PreservationDigital Records Management & Preservation
Digital Records Management & Preservation
victor Nduna
 
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
David Kearney
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Frank Dawson
 

Similaire à Cor concepts information governance-protection-of-personal-information-act-popi (20)

Implementing Asset Management System with ISO 55001
Implementing Asset Management System with ISO 55001Implementing Asset Management System with ISO 55001
Implementing Asset Management System with ISO 55001
 
Information governance process & technology
Information governance process & technologyInformation governance process & technology
Information governance process & technology
 
Data governance guide
Data governance guideData governance guide
Data governance guide
 
Data governance guide
Data governance guideData governance guide
Data governance guide
 
What Are you Waiting For? Remediate your File Shares and Govern your Informat...
What Are you Waiting For? Remediate your File Shares and Govern your Informat...What Are you Waiting For? Remediate your File Shares and Govern your Informat...
What Are you Waiting For? Remediate your File Shares and Govern your Informat...
 
Governance and management of IT.pptx
Governance and management of IT.pptxGovernance and management of IT.pptx
Governance and management of IT.pptx
 
15. Brian Bailey presentation 2 DQ Asia Pacific 2010
15. Brian Bailey presentation 2 DQ Asia Pacific 201015. Brian Bailey presentation 2 DQ Asia Pacific 2010
15. Brian Bailey presentation 2 DQ Asia Pacific 2010
 
GDPR in practice
GDPR in practiceGDPR in practice
GDPR in practice
 
INTRODUCTION
INTRODUCTIONINTRODUCTION
INTRODUCTION
 
Digital Records Management & Preservation
Digital Records Management & PreservationDigital Records Management & Preservation
Digital Records Management & Preservation
 
chapter2-220725121543-2788abac.pdf
chapter2-220725121543-2788abac.pdfchapter2-220725121543-2788abac.pdf
chapter2-220725121543-2788abac.pdf
 
Chapter 2: Data Management Overviews
Chapter 2: Data Management OverviewsChapter 2: Data Management Overviews
Chapter 2: Data Management Overviews
 
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
 
Information Governance Maturity for Financial Services
Information Governance Maturity for Financial ServicesInformation Governance Maturity for Financial Services
Information Governance Maturity for Financial Services
 
RFT for Business Intelligence and Data Strategy
RFT for Business Intelligence and Data StrategyRFT for Business Intelligence and Data Strategy
RFT for Business Intelligence and Data Strategy
 
Enterprise content management (in short)
Enterprise content management  (in short)Enterprise content management  (in short)
Enterprise content management (in short)
 
SME- Developing an information governance strategy 2016
SME- Developing an information governance strategy 2016 SME- Developing an information governance strategy 2016
SME- Developing an information governance strategy 2016
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
 
How Global Records Management Practices and Standards Are Evolving for Busine...
How Global Records Management Practices and Standards Are Evolving for Busine...How Global Records Management Practices and Standards Are Evolving for Busine...
How Global Records Management Practices and Standards Are Evolving for Busine...
 
Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event
 

Plus de Robust Marketing & Consulting (Pty) Ltd

TODPOD by Million Baby
TODPOD by Million BabyTODPOD by Million Baby
Sany group profile
Sany group profileSany group profile

Plus de Robust Marketing & Consulting (Pty) Ltd (20)

TODPOD by Million Baby
TODPOD by Million BabyTODPOD by Million Baby
TODPOD by Million Baby
 
2016 IBA Judge Certificates- Donald Pillai
2016 IBA Judge Certificates- Donald Pillai2016 IBA Judge Certificates- Donald Pillai
2016 IBA Judge Certificates- Donald Pillai
 
PM-U Final Brochure Layout Sept 2015 update
PM-U Final Brochure Layout Sept 2015 updatePM-U Final Brochure Layout Sept 2015 update
PM-U Final Brochure Layout Sept 2015 update
 
ENTREPRENEURSHIP, COLLABORATION, NETWORKING
ENTREPRENEURSHIP, COLLABORATION, NETWORKINGENTREPRENEURSHIP, COLLABORATION, NETWORKING
ENTREPRENEURSHIP, COLLABORATION, NETWORKING
 
Sany pre fabricated buildings
Sany pre fabricated buildingsSany pre fabricated buildings
Sany pre fabricated buildings
 
Sany group profile
Sany group profileSany group profile
Sany group profile
 
Submission for the division of revenue 2016 2017 web
Submission for the division of revenue 2016 2017 webSubmission for the division of revenue 2016 2017 web
Submission for the division of revenue 2016 2017 web
 
Division of revenue_ for an equitable sharing of national revenue June
Division of revenue_ for an equitable sharing of national revenue JuneDivision of revenue_ for an equitable sharing of national revenue June
Division of revenue_ for an equitable sharing of national revenue June
 
Financial and fiscal commission municipal viability colloquim 29 may 2015 10...
Financial and fiscal commission municipal viability colloquim  29 may 2015 10...Financial and fiscal commission municipal viability colloquim  29 may 2015 10...
Financial and fiscal commission municipal viability colloquim 29 may 2015 10...
 
Ffc new development bank and cra sc short-ver_finance_27may2015
Ffc   new development bank and cra sc short-ver_finance_27may2015Ffc   new development bank and cra sc short-ver_finance_27may2015
Ffc new development bank and cra sc short-ver_finance_27may2015
 
Financial and Fiscal Commission Amendment Bill 2015 Presentation to Western ...
Financial and Fiscal Commission Amendment Bill 2015 Presentation to Western ...Financial and Fiscal Commission Amendment Bill 2015 Presentation to Western ...
Financial and Fiscal Commission Amendment Bill 2015 Presentation to Western ...
 
Draft notice local government remuneration framework packages
Draft notice   local government remuneration framework packagesDraft notice   local government remuneration framework packages
Draft notice local government remuneration framework packages
 
2014 15 fourth quarter results standing committee on finance
2014 15 fourth quarter results standing committee on finance2014 15 fourth quarter results standing committee on finance
2014 15 fourth quarter results standing committee on finance
 
Advanced records management
Advanced records managementAdvanced records management
Advanced records management
 
Mastery train the-trainer
Mastery train the-trainerMastery train the-trainer
Mastery train the-trainer
 
On you case discovery speaking in code
On you case discovery speaking in codeOn you case discovery speaking in code
On you case discovery speaking in code
 
Withholding of LES allocations: presentation Salga Gauteng 15 MAY 2015 mn
Withholding of LES allocations: presentationSalga Gauteng 15 MAY 2015 mnWithholding of LES allocations: presentationSalga Gauteng 15 MAY 2015 mn
Withholding of LES allocations: presentation Salga Gauteng 15 MAY 2015 mn
 
Signed Copy Ffc briefing on the 2015 appropriations bill
Signed Copy Ffc briefing on the 2015 appropriations billSigned Copy Ffc briefing on the 2015 appropriations bill
Signed Copy Ffc briefing on the 2015 appropriations bill
 
Ffc briefing on 2015 appropriations bill 12_may2015
Ffc briefing on 2015 appropriations bill 12_may2015Ffc briefing on 2015 appropriations bill 12_may2015
Ffc briefing on 2015 appropriations bill 12_may2015
 
Briefing on MIG Expenditure for Select Committee on Appropriations 12 May 2015
Briefing on MIG Expenditure for Select Committee on Appropriations 12 May 2015Briefing on MIG Expenditure for Select Committee on Appropriations 12 May 2015
Briefing on MIG Expenditure for Select Committee on Appropriations 12 May 2015
 

Dernier

Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
amitlee9823
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
Renandantas16
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
Abortion pills in Kuwait Cytotec pills in Kuwait
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
Matteo Carbone
 

Dernier (20)

Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges --  Guest House in Jhang.M.C Lodges --  Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756

Cor Concepts: Information Governance and the Protection of Personal Information Act (POPI)

  • 1. C O R Concepts. Information Governance: a framework for meeting the requirements of the Protection of Personal Information Act. Paul Mullon, 0832736087, paulm@corconcepts.co.za

  • 2. Agenda
      • POPI in context
      • Overview of Information Governance (IG)
      • Integrated IG
      • IG considerations
      • Protection of information

  • 3. POPI summary. Refresh: information must be:
      • obtained fairly and lawfully;
      • used only for the specified purpose for which it was originally obtained;
      • adequate, relevant and not excessive to purpose;
      • accurate and up to date;
      • accessible to the subject;
      • kept secure;
      • destroyed after its purpose is completed.

  • 4. Forms of information and POPIA considerations
      • All content regarding the individual must be identifiable.
      • Information must be deleted once the purpose for which it was gathered is over.
      • The client must be informed why the information is being captured, and how it will be used.

  • 5. Forms of information: POPIA considerations. Protection of personal information applies to every form in which it is held (data, images, documents/records); all must be managed consistently.

  • 6. Formats for Information Governance
      • Data governance
      • Born-digital documents
          – Should they be printed?
          – Legal principles
          – The role of signatures
      • Conversion of paper to electronic
          – When to scan
          – What to scan
          – Scan and destroy
          – The use of e-forms for data capture
      • Are digital documents foolproof?
          – PDF (PDF/A)
          – Microsoft Word

  • 7. Personal Information (PI) + IG actions, consolidated view: the 10 Ps of PI
      1. Plan
      2. Participation (+ governance structures)
      3. Probe (understand your information)
      4. Policy (+ procedures and practices)
      5. People (educated and aware)
      6. Processes
      7. Protect
      8. Purge
      9. Programmes (systems)
      10. Perfect
  • 8. Plan: the process. Drivers (legislation, cost pressures, customer service, operational efficiency) shape the strategy; the strategy is expressed as policies, procedures and processes; and those are implemented through LOB, EDRMS and other technology covering paper, document management systems (DMS), imaging, electronic records management and e-mail.

  • 9. Participation: governance and control
      • Steering Committee (multi-disciplinary): IT, operational divisions, group support services, legal, compliance, risk, records management
      • Working groups: IT, operational divisions, group support services, records management
      The purpose of these teams is to ensure that the necessary governance instruments are in place, maintained, reviewed and refined as appropriate.

  • 10. Governance inter-relationships (diagram): Steering Committee, Working Group, Center of Excellence, project teams and proposed implementations, all governed by policies, procedures and group standards.

  • 11. Probe: understanding your information. Register each information asset with: reference; description; retention period; retention trigger; personal information?; originating process; other processes; formats (paper, electronic, data); scan and destroy; sensitivity classification; index fields; naming convention; custodian; stewards; owner; applicable legislation; which systems; business units; extracted to other systems; summarised in reports; ...

  • 12. Integrated classification systems. One classification scheme applied to paper, electronic and e-mail records alike, for example:
      1. Managing Human Resources
          1.1 Determining Allowances
          1.2 Establishing Conditions of Employment
              1.2.1 Appointments
              1.2.2 Apprenticeships
              1.2.3 Childcare
              1.2.4 Flexible work arrangements
          1.3 Calculating Leave
              1.3.1 Accrual
              1.3.2 Entitlements
              1.3.3 Holidays
          1.4 Recruiting Employees
          1.5 Determining Salaries
              1.5.1 Deductions
              1.5.2 Overtime
              1.5.3 Remuneration
              1.5.4 Superannuation
      Don't ignore metadata. Build business rules into systems.

  • 13. Key considerations
      • POPI and IG are business issues
      • A multi-disciplinary approach is needed
      • Be practical
      • Look for process integration and improvement opportunities
      Plan: nature of information, formats. Probe: location, usage. Process: other processes, discovery. Purge: all versions, documented.

  • 14. Policy
      • Policies + procedures + processes + practices
      • Integrated policy framework
      • Enforceable, monitored, enforced
      At some stage we have to trust people. Be prepared to monitor. Be prepared to enforce.

  • 15. Protect: information security
      • Kept secure (in all formats)
      • Physical and digital security
      • Encryption
      • Removable media
      • Confidential destruction
      • Kept complete
      • Discoverable
      • Records holds
      • Audit trails

  • 16. Purge: an opportunity to
      – conduct data cleansing and normalisation
      – identify and improve redundant processes or steps
      – remove the rubbish: duplicates, "non-records", past-due records
  • 17. Programmes: Enterprise Content Management (ECM). Source: AIIM

  • 18. What is content? Is it PI? ECM scope, enterprise wide, structured and unstructured: create, access and manage; collaborate; search; secure; lifecycle management; archiving. Content types: web pages, enterprise applications (invoices, statements, etc.), paper documents and files, electronic documents, metadata, fax, forms, e-mail, print output, photos, graphics, video.

  • 19. Processes
      • Flows of information, internally or externally generated
      • Value determination: is it a record, or a document, is it PI, or all of the above?
      • Why must it be kept? What must be kept? Who must keep it?

  • 20. Information processes (lifecycle): information is created and passes through drafts (v0.1, v0.2, v0.3, v0.4) until it is declared a record or information asset (v1.0), held in a formal repository, and finally disposed of; along the way it may be re-purposed, summarised, analysed and reported on. Questions at each stage: Who creates or receives it? What format is it in? Should it be converted? Where is it? Where can it be stored? Which processes require it? What rules are in place? Who creates them? How are they implemented in systems? What intervention must users take? Where must they be stored? When? How? By whom?

  • 21. Programmes: architecture (diagram)
      • Document creation and retrieval: line-of-business applications (procurement, finance, plant, HR, ICT, QMS); intranet, collaboration and document management; audio-visual; shared drives
      • Capture: production scanning; large-format scanning; ad hoc and reference-copy scanning; multi-function devices; stand-alone scanners
      • Document repositories: business systems; basic content services; cross-system search; duplicate systems migrate to the repository
      • Records management: retention; access; file plan/classification; paper records management
      • Archiving: documents; records; databases; e-mail

  • 22. IG: what is it? "The specification of decision rights and an accountability framework to encourage desirable behaviour in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals." (Source: Gartner.) IG is broader than POPI; IG spans multiple domains.

  • 23. Typical drivers/domains
      • Corporate governance (King III)
      • Data privacy (POPI)
      • Other legislation (FICA, Companies Act, ECT)
      • Information security
      • IT governance
      • Records management
      • Master data management (governance and quality)
      • Quality (ISO 9001 and SHEQ)

  • 24. Integrated Information Governance, across the information life cycle
      • Key success factors: executive buy-in; aligned to corporate goals; integrated approach; change management; stakeholder inclusion
      • Common features: governance structures; strategy; policies; procedures; standards; metrics; reviews; benchmarked
      • Principles: accountability; integrity; protection; compliance; retention; disposition; transparency; availability
      • Domains: corporate governance; records management; IT governance; data privacy; knowledge management; master data management; information security; information risk
  • 25. Principles (GARP: Generally Accepted Recordkeeping Principles). Source: ARMA
      • Principle of Accountability: An organization shall assign a senior executive who will oversee the IG program and delegate program responsibility to appropriate individuals, adopt policies and procedures to guide personnel, and ensure program auditability.
      • Principle of Integrity: An IG program shall be constructed so the records and information generated or managed by or for the organization have a reasonable and suitable guarantee of authenticity and reliability.

  • 26. The GARP principles
      • Principle of Protection: An IG program shall be constructed to ensure a reasonable level of protection to records and information that are private, confidential, privileged, secret, or essential to business continuity.
      • Principle of Compliance: The IG program shall be constructed to comply with applicable laws and other binding authorities, as well as the organization's policies.

  • 27. The GARP principles
      • Principle of Availability: An organization shall maintain information in a manner that ensures timely, efficient, and accurate retrieval of needed information.
      • Principle of Retention: An organization shall maintain its records and information for an appropriate time, taking into account legal, regulatory, fiscal, operational, and historical requirements.

  • 28. The GARP principles
      • Principle of Disposition: An organization shall provide secure and appropriate disposition for records and information that are no longer required to be maintained by applicable laws and the organization's policies.
      • Principle of Transparency: The processes and activities of an organization's IG program shall be documented in an understandable manner and be available to all personnel and appropriate interested parties.
  • 29. Accountability
      • The senior executive in charge should establish a method to design and implement a structure to support the IG program.
      • A governance structure should be established for program development and implementation.
      • Necessary components include an accountable person and a developed program.
      • An IG program should have documented and approved policies and procedures to guide its implementation.
      • Auditability enables the program to validate its mission and be updated as appropriate.

  • 30. Integrity
      • Correctness of, and adherence to, the policies and procedures of the organization
      • Reliability of the information management training and direction given to the employees who interact with all systems
      • Reliability of the records and information created
      • An acceptable audit trail
      • Reliability of the systems that control the recordkeeping, including hardware, network infrastructure and software

  • 31. Protection
      • An information audit determines the records and information held and the protection they require
      • Implementation of appropriate controls throughout the lifecycle
      • Systems to have adequate controls
      • Physical and system controls
      • Vetting of staff
      • E-mail and removable media controls
      • Implementing sensitivity classification

  • 32. Compliance
      1. The IG system must contain information showing that the organization's activities are conducted in a lawful manner.
      2. The IG system is itself subject to legal requirements, such as requirements to maintain tax or other records and information.
      The organization must therefore:
          – know what information must be entered into its records to demonstrate that its activities are being conducted in a lawful manner;
          – enter that information into its records in the manner prescribed by law;
          – maintain its records in the manner and for the time prescribed by law.

  • 33. Availability. Organizations must have the ability to identify, locate and retrieve the records and related information required to support their ongoing business activities. These records are used by:
      • individuals and groups to reference, share and support their work;
      • legal and compliance for discovery and regulatory review purposes;
      • numerous corporate functions to validate management decisions and account for the resources of the organization.

  • 34. Retention. Implement retention periods that take account of:
      • legal and regulatory requirements
      • fiscal requirements
      • operational requirements
      • historical requirements

  • 35. Disposition
      • At the completion of the retention period for an organization's records, the records must be designated for disposition.
      • Transfer or destruction
      • Implement records holds
      • Formal approval and documentation of all disposition activities
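Slides 11, 12, 16 and 35 describe one mechanism in pieces: a register row per information asset carrying a retention period and a retention trigger, a hierarchical file plan with the business rules built into systems, a purge of past-due records, and disposition that is blocked by records holds and documented when it happens. The Python below is an added example and not code from the deck or from Cor Concepts; it strings those pieces together so the interaction is visible. The HR classification codes are the ones on slide 12, but the retention periods, the hold reference and the register rows are constructed for illustration and are not drawn from POPIA or any other statute.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date
from enum import Enum


class Trigger(Enum):
    """Retention trigger (slide 11): the event that starts the retention clock."""
    CREATED = "created"  # clock starts at creation
    CLOSED = "closed"    # clock starts when the matter closes (employee left, application decided)


@dataclass(frozen=True)
class RetentionRule:
    years: int
    trigger: Trigger
    permanent: bool = False  # never dispose; overrides years and trigger


# Constructed file plan: HR codes as on slide 12, periods illustrative only. A class without
# its own rule inherits the nearest ancestor's, so one rule serves paper, electronic and e-mail.
FILE_PLAN: dict[str, RetentionRule] = {
    "1": RetentionRule(7, Trigger.CLOSED),                      # Managing Human Resources (default)
    "1.4": RetentionRule(1, Trigger.CLOSED),                    # Recruiting Employees
    "1.5.4": RetentionRule(0, Trigger.CLOSED, permanent=True),  # Superannuation
}


def rule_for(code: str) -> RetentionRule:
    """Resolve a classification code such as '1.2.1' by walking up the hierarchy."""
    parts = code.split(".")
    while parts:
        candidate = ".".join(parts)
        if candidate in FILE_PLAN:
            return FILE_PLAN[candidate]
        parts.pop()
    raise KeyError(f"no retention rule covers classification {code!r}")


def add_years(d: date, years: int) -> date:
    """Add calendar years; a 29 February start lands on 28 February when needed."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


@dataclass
class RegisterEntry:
    """A subset of the register fields listed on slide 11."""
    reference: str
    classification: str
    created: date
    closed: date | None = None
    personal_information: bool = False
    holds: set[str] = field(default_factory=set)  # active records holds (slides 15, 35)


@dataclass(frozen=True)
class Decision:
    reference: str
    action: str         # "destroy", "hold", "retain" or "permanent"
    reason: str         # written justification; slide 35 asks that all disposition be documented
    method: str | None  # destruction method, set only when action == "destroy"


def disposition_due(entry: RegisterEntry) -> date | None:
    """End of retention, or None if the class is permanent or the trigger has not fired."""
    rule = rule_for(entry.classification)
    if rule.permanent:
        return None
    start = entry.created if rule.trigger is Trigger.CREATED else entry.closed
    return None if start is None else add_years(start, rule.years)


def review(register: list[RegisterEntry], today: date) -> list[Decision]:
    """Purge review (slide 16): holds beat expiry, and PI goes to confidential destruction."""
    decisions: list[Decision] = []
    for e in register:
        due = disposition_due(e)
        if rule_for(e.classification).permanent:
            decisions.append(Decision(e.reference, "permanent", "file plan marks the class permanent", None))
        elif due is None:
            decisions.append(Decision(e.reference, "retain", "retention trigger has not occurred", None))
        elif due > today:
            decisions.append(Decision(e.reference, "retain", f"retention runs until {due.isoformat()}", None))
        elif e.holds:
            decisions.append(Decision(e.reference, "hold", f"destruction blocked by hold(s) {sorted(e.holds)}", None))
        else:
            method = "confidential destruction" if e.personal_information else "standard destruction"
            decisions.append(Decision(e.reference, "destroy", f"retention expired {due.isoformat()}", method))
    return decisions


# Constructed register rows and review date for the demonstration.
SAMPLE_TODAY = date(2025, 1, 15)
SAMPLE_REGISTER = [
    RegisterEntry("HR-2016-0042", "1.2.1", date(2016, 3, 1), date(2017, 6, 30), personal_information=True),
    RegisterEntry("HR-2023-0117", "1.4", date(2023, 9, 12), date(2023, 11, 1), True, {"LIT-2024-003"}),
    RegisterEntry("HR-2019-0008", "1.5.4", date(2019, 1, 7), date(2019, 12, 31), True),
    RegisterEntry("HR-2024-0301", "1.2.1", date(2024, 2, 29), None, True),        # still open: no trigger yet
    RegisterEntry("HR-2020-0077", "1.3.2", date(2020, 2, 29), date(2020, 2, 29)),  # leap-day closure
]

if __name__ == "__main__":
    for d in review(SAMPLE_REGISTER, SAMPLE_TODAY):
        print(f"{d.reference}: {d.action:9} {d.reason}" + (f" via {d.method}" if d.method else ""))
```

Running the module prints one decision per row: the 2016 appointment file is past its seven years and, because it holds personal information, is routed to confidential destruction; the recruiting file has expired but is held for litigation; the superannuation class is permanent; the open 2024 file has no trigger yet; and the leap-day closure shows the 28 February adjustment. Two design points carry over to real systems: a hold is consulted before destruction is ever proposed, and every decision carries a written reason, so the disposition record slide 35 asks for is produced as a by-product of the purge rather than reconstructed afterwards.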
  • 36. Transparency. Records documenting the IG programme must:
      • document the principles and processes that govern the programme;
      • accurately and completely record the activities undertaken to implement the programme;
      • be written or recorded in a manner that clearly sets forth the information recorded;
      • be readily available to legitimately interested parties.

  • 37. Conclusion: benefiting from POPI + IG
      • Don't treat it as a compliance initiative.
      • Seek benefits from understanding your information and revising processes.
      • Use it as a catalyst to implement sound Information Governance.
      • Information Governance is a programme, a journey.