The Changing Nature of Privacy, 22 August 2018



SLIDE 1

The Changing Nature of Privacy

22 August 2018

SLIDE 2

Introduction

Speaker: Juan-Jacques Jordaan, Attorney, BComm LLB (UKZN)
juan@fpattorneysinc.co.za / 083 777 6893

SLIDE 3

Introduction

SLIDE 4

Privacy from your personal perspective

SLIDE 5

Privacy as a Concept

  • the right to be let alone
  • the option to conceal any information from others
  • self-identity and personal growth
  • the option to limit the access others have to one's personal information
  • control over others' use of information about oneself
  • states of privacy (solitude, anonymity etc.)

SLIDE 6

Current Law

  • Privacy Foundation in South Africa
  • The Constitution of the Republic of South Africa provides the following in section 14 of the Bill of Rights:

Privacy: Everyone has the right to privacy, which includes the right to not have:
(a) their possessions or home searched;
(b) their property searched;
(c) their possessions seized; or
(d) the privacy of their communication infringed.

These basic rights set out the foundation of the right to privacy in South Africa.

SLIDE 7

Current Law

ECTA CPA RICA NCA

POPIA

SLIDE 8

Protection of Personal Information Act

  • POPIA gives greater effect to the section 14 right to privacy contained in the Constitution

  • Promote protection of PI (Public & Private)
  • Minimum Requirements for processing
  • Information Regulator
  • Codes of Conduct
  • Unsolicited Communications and Automated Decision Making
  • Cross-border transfers

SLIDE 9

Data Protection Laws Globally

Source: CNIL https://www.cnil.fr/en/data-protection-around-the-world
SLIDE 10

European Union

  • OECD → EU Data Protection Directive 95/46/EC (has been replaced)
  • GDPR has gone live
  • Now you have to ensure that you are looking after your EU data subjects' rights
  • Article 3 of the GDPR provides for its extraterritorial application
  • GDPR → General Data Protection Regulation (effective 25 May 2018)
  • Single set of rules applicable to all EU member states (independent Supervisory Authority)
  • Right to question / fight decisions made automatically
  • DPO
SLIDE 11

Trans-border Information Flows

SLIDE 12

Personal information in different shapes

SLIDE 13

Value of Data


SLIDE 14

Value of Information

My name is Juan, I was born between 1980 and 1990 and I am an attorney and I live in South Africa and I drive the N2 to work every day

SLIDE 15

Value of Knowledge

Subject Information:

  • Name: Juan
  • Occupation: Attorney
  • Location: South Africa
  • Age: 28 – 38
  • Commute: N2

SLIDE 16

Value of Wisdom

Governments Companies Criminals Marketers

SLIDE 17

DIKW Hierarchy

Data

Information

Knowledge

WISDOM

Source: R. Ackoff
SLIDE 18

We Love Data

SLIDE 19

Value of Data

SLIDE 20

But What About Data Protection?

  • Terms of use
  • Terms of service
  • Data use policy
  • End user agreement

  • POPIA Compliant
  • Meet GDPR Requirements

SLIDE 21

We Are All Liars

  • “I have read and agree to the terms”

tosdr.org

“I have read”

SLIDE 22

The Lie We Tell

TERMS OF SERVICE

✓ I totally read all that and I wholeheartedly agree!!!

SLIDE 23

We (are beginning to) Hate Data

  • Struggling to keep personal data private
  • Hacking
  • Phishing
  • Data Loss
  • Surveillance
  • For every bit of information received, there was an opposite request sent
  • PRISM (Snowden)
  • SPAM
SLIDE 24

Privacy from your business perspective

SLIDE 25

Application of POPIA to Businesses

  • Every business processes Personal Information

Customer Employee Vendor 3rd Party

Security

Collection Processing Distribution Archiving Destruction

SLIDE 26

Application of POPIA to Businesses

What?

  • Information is needed?
  • Information is collected?
  • Purpose?
  • Protections are in place?
  • Are your obligations?
  • Do we do with the information?

How?

  • Do you collect information?
  • Is the information processed?
  • Do our employees treat information?
  • Do we store the information?
  • Do we ensure compliance?

Who?

  • Is responsible for the information?
  • Do we share the information with?

SLIDE 27

Information Your Business Holds

  • Race, gender, pregnancy, marital status, national, ethnic or social origin, age, physical or mental health, disability, religious, language, birth
  • Education, medical, financial, criminal or employment history
  • Identifying numbers, symbols, email addresses, physical addresses, telephone numbers, biometric information
  • Correspondence sent by the person that is implicitly or explicitly private or confidential

SLIDE 28

Information Your Business Holds

  • The huge amount of data or information within your business:
  • Identifies opportunities
  • Drives innovation
  • Leverages strengths
  • Mitigates risk
  • Streamlines processes
  • Valuable asset that needs to be protected at all costs
SLIDE 29

So Why Are We Intimidated By Data Protection Laws?

  • Penalties

Business Lens: We ignore the fact that you and I, as we sit here, are all data subjects

  • Unnecessary
  • Compliance Costs
SLIDE 30

How Compliance Assists Your Business

  • Data Subjects' Right to Privacy
  • Better control of your own data
  • Better access to your data
  • License to use
  • Prepared for data subject access requests
  • Efficiency
  • Easier processes simplify and streamline business
  • Better understanding of applicable laws
  • Greater uses for the data
  • Algorithms can be used to improve services or products
  • Automated decision making
SLIDE 31

How Compliance Assists Your Business

  • Quality of Data
  • Up to date data
  • Greater knowledge of financial position
  • Breach notification
  • Accurate view of customer base
  • Clear understanding of the types of data you need and use
SLIDE 32

How Compliance Assists Your Business

  • Clients
  • Consent management
  • Enhanced privacy builds customer loyalty and trust
  • More engaged clients
  • Improved client satisfaction
  • Improved brand perception
  • Better marketing practices with targeted messages
  • Transparency
  • Say what you do, and do what you say
  • Intended purpose
  • Storage periods
  • Right to access
  • Disclosure
SLIDE 33

How Compliance Assists Your Business

  • Security
  • Stronger measures in place to protect your data
  • Accountability to users of data
  • SPAM
  • Prevention and limitation of SPAM
  • Not being a spammer
  • Cyber Crime
  • Handling incidents in a controlled and prepared manner
  • Prevention
SLIDE 34

European Union

  • OECD → EU Data Protection Directive 95/46/EC (has been replaced)
  • GDPR has gone live
  • Now you have to ensure that you are looking after your EU data subjects' rights
  • Article 3 of the GDPR provides for its extraterritorial application
  • GDPR → General Data Protection Regulation (effective 25 May 2018)
  • Single set of rules applicable to all EU member states (independent Supervisory Authority)
  • Right to question / fight decisions made automatically
  • DPO
  • Applies to South African data processors / companies if you:
  • process the personal information of EU residents
  • if you offer those EU residents goods or services; or
  • if you monitor the behaviour of EU residents
SLIDE 35

Avoiding Risk

  • Process data in ways that are consistent with the purpose for collection
  • Limit access to data containing personal information
  • Communicate data subject rights, purpose, retention, cross-border transfers etc.
  • Contacts for policy or other privacy related issues
  • Ensure technological measures are in place to mitigate risks

  • Evaluate vulnerabilities
  • Allow data subjects access and control of their data
SLIDE 36

Data Privacy Scare Factor

SLIDE 37

Breaches

  • Security
  • SA data breaches doubled in 2016

  • 83 million users: name, address, phone number and email address
  • 145 million user details compromised: passwords, email addresses, birth dates, mailing addresses and other personal information
  • 45 million credit and debit card records
  • 500 million user email accounts
  • Foreign state
  • 145 million U.S. customers data stolen
  • 60 million ID numbers and other data
  • SA Master Deeds

SLIDE 38

Breaches

SLIDE 39

Check your status

https://haveibeenpwned.com/

SLIDE 40

Information Privacy Officer

  • Delegation
  • Mandatory
  • CEO if not delegated
  • Responsible for all POPIA relevant issues

Information Privacy Officer

Compliance Training Responsibility

SLIDE 41

Thank you.

juan@fpattorneysinc.co.za

https://www.linkedin.com/in/juanjacquesjordaan/