THE PROTECTION OF PERSONAL INFORMATION ACT REQUIRES ALL PUBLIC AND PRIVATE BODIES TO IMPLEMENT EFFECTIVE TECHNICAL AND ORGANISATIONAL MEASURES FOR ERP
A responsible party must ensure that the conditions set out in Chapter 3 of the Protection of Personal Information Act, and all the measures that give effect to such conditions, are complied with at the time of the determination of the purpose and means of the processing and during the processing itself.
Enterprise Resource Planning (ERP) systems process a wide variety of business information, including many types of personal information. ERP systems have many features that can assist responsible parties with the protection of personal information. Failing to use the available features could become a problem when non-compliance with POPIA is reported to the Information Regulator.
Business leaders and responsible parties who fail to fulfil their obligations defined in this Act may be charged personally with a criminal offence and face civil claims for damages.
It is the responsibility of the “Responsible Parties” identified by the CEO and listed in the PAIA to ensure that personal information is processed lawfully and in a manner that does not infringe the constitutional rights that individuals have to privacy.
Participants will gain a general understanding of the legal obligations placed on “Responsible Parties”. On completion of this one-day seminar, participants will be able to:
- Articulate the requirements of the Protection of Personal Information Act
- Demonstrate an understanding of the conditions for the lawful processing of personal information
- Describe the role, responsibilities and legal obligations of the responsible parties
- Describe the roles and the responsibilities of the other parties concerned with the processing of personal information
- Identify the effort required to meet the requirements of the Protection of Personal Information Act and to fulfil the conditions for the lawful processing of personal information contained therein.
Participants will learn through discussion and practical examples about the typical technical and organisational measures available in ERP systems.
This seminar covers the following topics:
- Overview of the POPI Act requirements for technical and organisational measures to protect personal information and prevent unlawful processing
- Privacy by design and default
- Documented privacy-enabling practices and tasks
- Environmental security
- Resource protection
- Random access memory protection
- Temporary storage, trace and dump file protection
- Network and data persistence encryption
- Data dictionary, database security and blocks
- Accuracy, integrity, completeness and validity checks
- System isolation, unlinkability and intervention
- PKI and certificate management
- Logical access control, segregation of duties
- POPI compliant system development practices
- System privilege, feature and command restriction
- Identity management
- User authentication, authorisation and single sign-on
- Access permission, privilege management, de-registration
- Event and incident logs, history, reporting and auditing
- System updates, patch and change control
- Records management, information life-cycle management
- Organisational structures, roles, job descriptions
- Availability controls and configuration management
- Supplier management and verification
- ISO 27001 and Privacy Management Systems.