Protection of personal information reviews

With the imminent commencement of the Protection of Personal Information Act all companies will need to review the manner in which they process information, and in particular personal information, in order to comply with the provisions of the Act and other related legislation. In many entities the processing of information is unstructured, with little or any governance and management of the processing. For many entities the necessity of complying with the Protection of Personal Information Act will require a review of their current status, a vision of the status that they need to achieve to ensure compliance, and careful planning to make the changes necessary and implement appropriate technologies (or configurations of existing technology), the documentation of policy, procedures and standards and the development of training materials necessary to achieve the desired status.

To address these requirements and achieve the objectives necessary a multidisciplinary approach, with expertise in information governance, management and security as well as relevant legislation and protection of personal information know-how are minimum requirements.

Protection of personal information reviews may also be supplemented by Privacy Impact Assessments. These are intended to focus on specific information lifecycles, mapped against the Lawful Conditions of processing of personal information required in Chapter 3 of the Protection of Personal Information Act and other legislation or regulation which applies to the information being processed, assessing areas of non-compliance, determining the changes and control measures necessary to achieve compliance and the impact at technology, business and compliance levels that the necessary changes will have to the business conducted by the organisation.

Privacy Online consultants possesses the skills required to review the technology and process within an entity, recommend remedial and development interventions necessary to achieve the desired changes, and the education ability to transfer skills to identified people within the entity.

  • 13 September 2017 - 12:37:00
    In Government Gazette No. 41105 published on the 8th September 2017, the Information Regulator invited comment on the draft Regulations ...

  • 11 April 2017 - 10:02:00
    I was recently referred to an article entitled "Responding to Cybercrime at Scale: Operation Avalanche - A Case Study". The article is published by the Centre for Cyber and Homeland Security at the George Washington University and is authored by Robert Wainwright, a director of Europol and Frank J. Cilluffo, director of the Centre for Cyber and Homeland Security.

    For anyone dealing with the Cybercrimes and Cybersecurity Bill, this article provides some insight into the complexity of cybercrime and the profoundly different way in which the combatting of cybercrime needs to be addressed.