WHAT IS THE POPI ACT?

HUMAN BEHAVIOUR & ETHICS | LIFE & BUSINESS MASTERY MEDIATION & LEGAL SOLUTIONS | CORPORATE TRAINING


Adv. Mabel Slabbert (c) UNAUTHORISED REDISTRIBUTION OF THIS MATERIAL IS PUNISHABLE BY LAW.


What is the POPI Act? How to protect yourself in terms of the Act. How POPI fits into your practice.


WHAT IS THE POPI ACT?

POPI refers to the Protection of Personal Information Act.

It aims to ensure that all South African Institutions adhere to responsible conduct when collecting, processing, storing and sharing another's Personal Information.


WHAT IS THE PURPOSE OF POPI?

  • To promote the protection of personal information processed by public and private bodies
  • To introduce certain conditions to establish minimum requirements for processing personal information
  • To provide for the establishment of an Information Regulator to exercise certain powers and duties in terms of this Act and the Promotion of Access to Information Act
  • To provide for the issuing of codes of conduct
  • To provide for the rights of persons regarding unsolicited electronic communications and automated decision making
  • To regulate flow of personal information across the borders of RSA

POPI LEGISLATION AIMS TO BESTOW CERTAIN RIGHTS UPON THE INDIVIDUAL INCLUDING CONTROL OVER:

  • WHEN and HOW one chooses to share personal information (requires consent)
  • The TYPE and EXTENT of information you choose to share (must be collected for valid reasons)
  • TRANSPARENCY and ACCOUNTABILITY on how data will be used (limited to the purpose)
  • Gaining ACCESS to one’s OWN INFORMATION & the right to have data removed or destroyed


PERSONAL INFORMATION

Personal information broadly means any information relating to an identifiable, living, natural person or juristic person (companies, CCs etc.) and includes, but is not limited to:

  • Contact details: email, telephone, address etc.
  • Demographic information: age, sex, race, birth date, ethnicity
  • History: employment, financial, educational, criminal, medical
  • Biometric information: blood type etc.
  • Opinions of and about the person
  • Private correspondence

NB: Some personal information, on its own, does not reveal someone’s identity. Eg. A name. A UNIQUE IDENTIFIER reveals the identity of a person. Eg. ID Number or Name & Contact Number.


KEY TERMS DEFINED

SPECIAL PERSONAL INFORMATION:

  • Religious or philosophical beliefs
  • Race or ethnic origin
  • Trade Union Membership
  • Political persuasion
  • Health or Sex life (including HIV status.)
  • Criminal behaviour/records/history
  • Biometric Information
  • Personal information of subject’s children

KEY TERMS DEFINED

PROCESSING

  • Collection
  • Usage
  • Storage
  • Dissemination
  • Modification
  • Destruction

(whether such processing is automated or not.)


KEY TERMS DEFINED

ROLE PLAYERS

  • DATA SUBJECTS: natural persons, or entities such as companies, communities or other legally recognized organisations with the right to protection of Personal Information
  • RESPONSIBLE PARTY: company or organization entrusted and liable to protect Private Information
  • INFORMATION REGULATOR: a regulating authority set up by the government to ensure compliance with POPI. Central Offices will be in Gauteng. Chaired by: Adv Tlakula, Mr Weapond, Adv Stroom, Prof Pistorius and Mr Snail


DOES POPI REALLY APPLY TO ME?

YOU ARE A RESPONSIBLE PARTY UNDER THE POPI ACT IF YOU ARE A PUBLIC OR PRIVATE BODY OR ANY OTHER PERSON WHICH, ALONE OR IN CONJUNCTION WITH OTHERS, DETERMINES THE PURPOSE OF & MEANS FOR PROCESSING PERSONAL INFORMATION.

There are cases where POPI does not apply. Exclusions include:

  • purely household or personal activity
  • sufficiently de-identified information
  • some state functions including criminal prosecutions, national security etc.

  • journalism under a code of ethics
  • judiciary functions etc.


RESPONSIBLE PARTY VS. OPERATOR

It’s important to know whether you are regarded as an ‘operator’ or ‘responsible party’. Both have certain obligations but the responsible party has a much broader responsibility. To determine if you are an operator, you can ask yourself whether you:

1. Process the data solely in the interest of and on behalf of another,
2. Do so only according to their instructions, but without coming under their direct authority,
3. In terms of a written contract,
4. Would dispose of the data after the arrangement ends,
5. Are merely a service provider, and
6. Do not use the data for any of your own purposes

If all the above are true, you are probably an operator – if not, you are a responsible party.


WHY SHOULD I COMPLY WITH POPI?

  • POPI promotes transparency with regard to what information is collected & how it is to be processed. Openness increases customer trust in the organisation.
  • POPI compliance involves capturing the minimum required data, ensuring accuracy, and removing data that is no longer required. These measures should improve the overall efficiency and reliability of the organisation’s databases. Less data also means less storage / archiving space and cost.
  • Failure to comply with the POPI ACT could lead to:
      • A complaint lodged with the Information Regulator
      • Receiving a civil claim for payment of any damages
      • Criminal Prosecution; if convicted there could be a fine up to R10 million or a prison sentence up to 10 years.


POPI PROCESS

The POPI process can be broken down into 3 main parts:

COLLECTION

  • Personal Information may only be collected for the specific purpose of providing services to a particular subject. (i.e. patient)
  • If Personal Information has been collected from another source, the practitioner must inform the patient of this, as well as the source and purpose. (orally or in writing.)

PRESERVATION

  • Any Personal Information must be protected from loss, damage or unauthorized destruction and unlawful access.
  • Responsible parties will be expected by law to implement reasonable technical and organizational measures to ensure protection is in place.

THIRD PARTY ACCESS

  • The arrangements around third party access to patient information broadly match the guidelines set out by the HPCSA.
  • This means that in most cases the patient’s consent is required to pass information to a third party, with a different purpose for the information.


POPI AND THE LAW

IGNORANCE OF THE LAW IS NO EXCUSE

  • Failure to comply with the POPI ACT could lead to:
      • A complaint lodged with the Information Regulator
      • Receiving a civil claim for payment of any damages
      • Criminal Prosecution; if convicted there could be a fine up to R10 million or a prison sentence up to 10 years.
  • The ACT was signed in November 2013; we are now awaiting a commencement date, after which there is a 1 year grace period.
  • Many other countries have similar legislation – the POPI Act borrows from the ‘best of’ these international legislations.


THE ACT EXPLAINED

The 8 conditions for the Lawful Processing of the Act:

1) Accountability / Processing limitation

  • Responsible party is accountable for complying with measures which give effect to the conditions.
  • Cannot contract out of obligations, for example by outsourcing processing of information.
  • Responsible party is accountable from inception: at the time "purpose and means" of the processing are determined.
  • Responsible party remains accountable throughout the lifecycle of processing.
  • Process lawfully and in a reasonable manner that does not infringe on the privacy of the data subject, i.e. the owner of the information
  • Personal Information may only be processed if the given purpose is adequate, relevant and not excessive.
  • Personal Information may only be processed if you have consent:
      • Necessary to carry out actions for conclusion or performance of contract with the data subject
      • Necessary to comply with legal obligation
      • Necessary to protect legitimate interests of a data subject
      • Necessary for the performance of a public law duty by a public body
      • Necessary to pursue legitimate interests of responsible party or third party.


THE ACT EXPLAINED

The 8 conditions for the Lawful Processing of the Act:

2) Purpose specification and further processing limitation

  • Personal information must be collected for a specific, explicitly defined and lawful purpose related to the function or activity of a responsible party.
  • Steps required to make the data subject aware of the purpose for collection of information.
  • Retention of records only as long as necessary to achieve the purpose for which it was collected or processed, subject to exceptions such as (i) Where required or authorized by law; (ii) Reasonably required for lawful purposes; (iii) Required by contract between parties; or (iv) Consent.
  • Obligations to delete, destroy or restrict processing.
  • Any further processing must be "compatible" with the purpose for which the personal information was initially collected.


THE ACT EXPLAINED

The 8 conditions for the Lawful Processing of the Act:

3) Information quality

  • The responsible party has the duty to take reasonable practical steps to ensure that personal information is complete, accurate, not misleading and updated where necessary.
  • Must have regard for the purpose for which personal information is collected or processed further.

4) Openness

  • The responsible party must take reasonably practical steps to ensure that the data subject is aware of various matters related to collection and processing of their personal information.


THE ACT EXPLAINED

The 8 conditions for the Lawful Processing of the Act:

5.) Security safeguards

  • The responsible party must secure the integrity and confidentiality of the Personal Information (PI) in its possession by taking appropriate, reasonable, technical and organizational measures to prevent loss, damage, or destruction and unlawful access. In order to do this, the responsible party must:
      • Identify all reasonably foreseeable internal and external risks to PI in its possession or under its control
      • Establish and maintain appropriate safeguards against identified risks
      • Regularly verify that safeguards are effectively implemented
      • Ensure safeguards are regularly updated in response to new risks or deficiencies

6.) In doing so,

  • The responsible party must have due regard to generally accepted information security practices and procedures.


THE ACT EXPLAINED

The 8 conditions for the Lawful Processing of the Act:

7) Data subject participation

The data subject is entitled to:

  • Enquire, free of charge, whether his / her PI is being processed
  • Request description of his / her PI
  • Request information about the recipients of his / her PI
  • Challenge the accuracy of their PI
  • Request correction of their information (if inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully)
  • Request deletion


THE ACT EXPLAINED

The 8 conditions for the Lawful Processing of the Act:

8) Processing and Compliance Audits

Organisations should do processing and compliance audits by:

  • Identifying all the collection points of personal information, like websites, application forms, call centres, employment application forms and event attendance sheets,
  • Identifying personal information being collected and whether it is being collected directly from the data subject or via a third party,
  • Identifying all purposes for processing both internal and external access (including disclosure),
  • Identifying when exceptions to conditions for lawful processing apply.


RETENTION OF RECORDS

Retain Information only as long as necessary

POPI requires that “records of personal information must not be kept any longer than is necessary for achieving the purpose for which the information was collected…” Practically this may be one of the most difficult provisions to comply with as it requires a very clear picture of all purposes for which a piece of information is kept and a thorough understanding of business processes.


RETENTION OF RECORDS

There are some exceptions to this rule, where the information may be kept for longer:

When required by law

  • Records may be retained for longer when the retention “is required or authorised by law”
  • The “Guide detailing retention periods” compiled by the South African Institute of Chartered Accountants is a good starting point.

Reasonably required

  • Records may be retained for longer when the organisation “reasonably requires the record for lawful purposes related to its activities and functions”
  • What is reasonable will depend on the circumstances in each case which may lead to some uncertainty.

Required by contract

  • As an example, your service contract with a customer might state that you are required to provide your customer with important safety or medical updates regarding your product or service. In order to perform under the contract you would therefore need their contact information.


A PRACTICAL STEP BY STEP GUIDE TO COMPLY WITH POPI

  • STEP 1: READ, IDENTIFY & CHECK
  • STEP 2: STAFF & PREMISES
  • STEP 3: ASSESS, CREATE & IMPLEMENT
  • STEP 4: THIRD PARTIES


A PRACTICAL STEP BY STEP GUIDE TO COMPLY WITH POPI

STEP 1: READ, IDENTIFY & CHECK

  • READ THE ACT, easily accessible on the internet.
  • UNDERSTAND the implications, liabilities & processes.
  • Identify & create a list of all the different types of personal information that you process.
  • Check that the info you are processing complies with Chapter 3 of the ACT


A PRACTICAL STEP BY STEP GUIDE TO COMPLY WITH POPI

STEP 2: STAFF & PREMISES

  • Identify every person in your business that deals with personal information.
  • Train these staff members on the Act. Must be ONGOING!
  • Appoint an Information Officer to ensure compliance and adopt responsibility
  • Consider your premises: where is your personal information stored? Is it under lock and key, password protected? Is it visible to anyone who enters your premises? Can you enhance security? CCTV or biometric access?


A PRACTICAL STEP BY STEP GUIDE TO COMPLY WITH POPI

STEP 3: ASSESS, CREATE & IMPLEMENT

  • Assess the way you currently acquire, process, retain & destroy Personal Information.
  • Reassess & recreate your information documents/forms to comply with POPI.

Ensure that:

  • You only ask for relevant information – it must be collected for a specific, explicitly defined & lawful purpose that is related to the function of your company
  • You include a disclaimer that outlines what the information will be used for, how long it will be retained for & under which circumstances it will be shared & with whom


A PRACTICAL STEP BY STEP GUIDE TO COMPLY WITH POPI

STEP 3 cont.: ASSESS, CREATE & IMPLEMENT

  • Reassess and recreate your correspondence and notices with your clients:
      • For example, if you send out advertisements or annual checkup reminders or newsletters, ensure that you have their permission to do so: OPT IN (this can be included on your initial client information form). Also include the option to OPT OUT of such correspondence in the actual emails etc.


A PRACTICAL STEP BY STEP GUIDE TO COMPLY WITH POPI

STEP 3 cont.: ASSESS, CREATE & IMPLEMENT

  • Make sure that your clients are always accommodated in terms of their personal information:
      • they have the right to request records, or destruction thereof, free of charge.
      • they must be informed about the sharing of their information with third parties.


A PRACTICAL STEP BY STEP GUIDE TO COMPLY WITH POPI

STEP 3 cont.: ASSESS, CREATE & CONSIDER

  • Consider the format in which you collect & store your information & the destruction thereof; make sure documents are shredded, not just thrown away. (National Association of Information Destruction & Metrofile) Format drives to completely eradicate computer stored information.
  • Consider the state of your storage – do you have outdated information, unnecessary duplicates? Ensure that you have a schedule to declutter & reassess the stored information, & destroy unneeded information regularly.


A PRACTICAL STEP BY STEP GUIDE TO COMPLY WITH POPI

STEP 4: THIRD PARTIES

  • Consider the following:
      • Do we outsource any processing of Personal Information to a Third Party? Do they comply with the Act and are our Clients aware of this?
      • Do we receive Personal Information from other parties (referrals etc.) – if so, do we inform the subject who we received it from and why etc.?


INCREASING CUSTOMER TRUST WITH POPI

As we adopt behaviours to be compliant with POPI, we also increase customer trust. Here are some Guidelines:

No surprises

  • Do not re-purpose customer information, surprising the customer when the information pops up in a different context.
  • Do not allow their information to leak to third parties.
  • Do not lose their information and then ask them to supply the same information again.
  • Don’t collect their personal information from third parties without their consent.

Be open

  • Tell customers exactly what information you need and why.
  • Tell them who you are and inform them that you are POPI compliant/or beginning to adopt POPI compliant practices

Give them control

  • Allow customers to access and correct their information.


WHAT DOES CONSENT MEAN?

Expression of will that is:

  • Voluntary
  • Specific
  • Informed

All three must be present.

CAN I SEND SMS MARKETING TO A TELEPHONE LIST I ACQUIRED OR BOUGHT FROM A PROVIDER?

Only if that provider has acquired the consent of the people on the list to receive marketing communication from third parties, and such consent was communicated to you.


HOW CAN WE PROVE POPI COMPLIANCE TO CLIENTS?

While there is no universal ‘seal of compliance’, POPI requires Openness, Security safeguards and data subject Participation among other conditions listed in the ACT. Complying with these conditions is often self-evident.


WHAT ARE COMMON EXAMPLES OF BREACHES OF THE POPI ACT?

  • Loss of personal info due to inadequate security safeguards. (throwing away paper)
  • Collecting personal info without consent. (SMS database, not subscribed.)
  • Sending personal information unnecessarily or in error. (visible email addresses in bulk emails)
  • Breach of security safeguards (I.T. systems hacked)
  • Not complying with notices received from Information Regulator
  • Processing Special Personal Information when not necessary (disclosing HIV status out of protocol)


CAN I COLLECT PERSONAL INFORMATION OF CHILDREN?

As a general rule, No. Unless there is prior consent from a guardian or where the person under 18 is otherwise legally competent.

ARE WE ALLOWED CCTV CAMERAS IN THE OFFICE?

Yes, but there must be notice given to people on entering your premises. Placement is also important – nothing unnecessary (i.e. bathrooms etc.)


WHAT IF I DON’T START OR COMPLY?

Regulatory, Operational, Financial and Reputational risk – regardless of the size or structure of your company.

WILL I BE ABLE TO GET AWAY WITH NOT REPORTING A LOSS OF PERSONAL INFORMATION? WHO WILL KNOW IF I DON’T REPORT IT?

Most times, another party will be aware of a breach – the data subject, the party the information was incorrectly sent to or criminals. If you don’t report the breach and the Information Regulator becomes aware of this – additional fines and sentences


ARE THERE ANY ISSUES WITH EMPLOYEES USING THEIR SMART DEVICES/USBs IN THE WORKPLACE?

Develop a thorough policy in this regard – as devices will contain several examples of personal information – contact lists etc.

ARE WE ALLOWED TO STORE CLIENT’S RECORDS IN THE CLOUD?

Yes, but it is imperative to realize that you are responsible for such records. Familiarize yourself with the company hosting your cloud services – make sure they are POPI compliant.


ARE WE RESPONSIBLE FOR SECURITY OF DOCUMENTS STORED AT STORAGE COMPANIES?

Yes. Ensure POPI compliance and agreement between your company and storage company.

IF WE HAVE AGREEMENTS IN PLACE WITH SERVICE PROVIDERS, ARE WE STILL LIABLE FOR BREACHES?

Yes, you cannot outsource a statutory obligation. However, it could be used to mitigate your case.

SLIDE 14

IS AN AWARENESS/TRAINING PROGRAMME REALLY NECESSARY FOR STAFF?

Yes. Up to 60% of the compliance effort lies in driving home awareness and conducting training. Easy changes.

WHO SHOULD RECEIVE TRAINING?

Every employee should receive awareness training (basic).
Employees dealing with Personal Information need more in-depth training.

7 CORE ASPECTS: A RECAP

  • Define a clear privacy policy and incident management
  • Assess third party management
  • Address the information security aspects
  • Address cross flows of information, both internally within the organisation/across legal entities as well as cross border flows
  • Understanding the impact of being non-compliant
  • Managing consent and exception processes – ensuring that the required consents are captured at the right time, for the right reason and in the right way is key for any organisation. No organisation wants to bug their employees and consumers for consents after the sale/service offering or deal is concluded.
  • Training and awareness – this is key.

POPI WORKSHOP – IMPACT LEARNING SPECIAL

R 3 500 per person – every 5th person free.

Contact us – for more details, dates and queries.

  • Course Material, Tailored Solutions and refreshments included
  • Conducted onsite or at our offices

SLIDE 15

MEDIATION IN MEDICINE

WHAT IS MEDIATION?

  • Alternate Dispute Resolution
  • Facilitated by Impartial Mediator, disputants solve and negotiate their own settlements.
  • Mediation vs Litigation? ‘Having your day in court does not always mean having your say in court.’

DRIVING FORCE PERSONAL NEEDS GUIDING FORCE SPIRITUAL NEEDS

DISPUTE RESOLUTION METHODS

NEGOTIATIONS

  • What the disputants do: Seek agreement between themselves. Ends up as bargaining – win/lose.
  • What third parties do: No third party.
  • Who makes the decisions: The parties themselves.

MEDIATION

  • What the disputants do: Seek agreement between themselves with the help of a trained, impartial, independent third party. Fair solutions – win/win.
  • What third parties do: Facilitates communication and helps parties come up with agreements. Provides structure and constructive problem solving in an impartial way.
  • Who makes the decisions: The parties themselves.

ARBITRATION

  • What the disputants do: Present information and evidence about what is going on for them – put forward their case so that someone else can work out an agreement for them. Win/lose or win/win.
  • What third parties do: Hear parties, weigh up information, evidence and ideas and make a final decision which can be binding or non-binding.
  • Who makes the decisions: The Arbitrator.

LITIGATION

  • What the disputants do: Supply information to a lawyer about the situation. Build a case against the other party. Other than this, disputants are not directly involved in the resolution. Adversarial – always win/lose.
  • What third parties do: Hear legal representatives present their client’s evidence and discredit opposite evidence. Provide structure, enforce rules of conduct, weigh up evidence and pass binding judgement.
  • Who makes the decisions: The judge or magistrate.

SLIDE 16

MEDIATION VS LITIGATION

  • Cost Effective
  • Time saving
  • Door is never closed
  • Preserve relationships
  • Less Stressful
  • Private
  • Avoid Overburdened Court System
  • Have your say and potentially both get what you want…

THE ORANGE DISPUTE

Both parties want the orange. Courses of resolution:

1.) Give one party the orange. win/lose
2.) Neither party gets the orange. lose/lose
3.) Compromise – Halve the orange. part win/part lose
4.) Creative solution through mediation. win/win

E.g. one party might want the peel to make marmalade. The other might want the flesh for juice. By cutting the orange in half, neither really got what they wanted, which they could have – had their motives been determined.

THE PROCESS

  • 1. Agreement to Mediate with chosen/appointed Mediator
  • 2. Joint Session – each party can state their case
  • 3. Opportunity for Private/Confidential Session
  • 4. Continued Sessions until agreement is reached
  • 5. Once agreement is reached – Mediator assists with recording the settlement in writing, signed by both parties.
  • 6. The agreement can be made an order of the court

SLIDE 17

MEDIATION IN MEDICAL DISPUTES

WHAT MOTIVATES PATIENTS TO INSTITUTE COURT CLAIMS AGAINST HEALTH CARE PROFESSIONALS?

  • Money for compensation
  • Lawyers – touting and encouraging litigation
  • Contingency Fees – not having to pay attorney unless claim successful. No risk, worth the try

  • Lack of proper doctor/patient communication
  • Deterioration of service by overburdened and understaffed facilities
  • Criminal Conduct
  • Advent of constitutional protections
  • Consumer Protection Act, which is making patients aware of their rights

MEDIATION IN MEDICAL DISPUTES

  • Fast becoming an effective means to resolve medical malpractice disputes, all around the world.
  • Many times patients resort to suing simply to find out what happened. Mediation offers space to clear up unanswered questions and presents the doctor as a human being.
  • At present, USA, CANADA and the UK have embraced Mediation in Medical Disputes. In Florida, USA, the courts are duty bound to first refer the complaint for mediation; only if this fails can litigation proceed.

MEDIATION vs LITIGATION

Litigation – Costly: Even with Contingency Fees Policies – 25% substantial amount of winnings. If lose, often responsible for winning party’s costs.
Mediation – Cost Effective: Below R10 000 per day of Mediation – split between parties.

Litigation – Time Consuming: takes months to get to trial, interim procedures, postponements, appeals.
Mediation – Less time consuming: 50% of mediations result in an agreement in a 1 day session. Only have to co-ordinate diaries with Mediator.

Litigation – Adverse publicity and hostile cross-examination can cause reputational damage or career ruin. Also undermines patient’s dignity in some cases.
Mediation – Private and Confidential, so parties tend to be more open and honest.

SLIDE 18

MEDIATION vs LITIGATION cont.

Litigation – Many claims instituted long after the event of the matter took place – hampers the facts & investigation.
Mediation – Mediation can take place soon after the event – fresh memories, access to personnel and documents much easier.

Litigation – Courts and Judges are not necessarily au fait with complex medical procedures – even with experts – may come to unjust decisions.
Mediation – Medical experts can be appointed to clarify any lack of technical understanding for both parties – to better understand the problem & reach agreement. Engenders equality – removes imbalance of power between ‘stronger’ professional and ‘weaker’ lay person.

Litigation – Court Decisions are sometimes based on legal technicalities (exceptions, prescription, lack of compliance with notice periods, etc.), leaving parties dissatisfied and issue unresolved.
Mediation – Greater control for parties over the process, real needs can be discussed and met.

For tailored Staff training on the POPI awareness, Ethics and Values. Contact:

HUMAN BEHAVIOUR & ETHICS | LIFE & BUSINESS MASTERY | MEDIATION 083 600 27 23 | mabellslabbert@gmail.com
