|About this webinarThe phrase ‘data breach’ is the common denominator between large entities and actors such as Experian, Liberty Insurance, View Fines, Ster-Kinekor, the Registrar of Deeds and the Master of the High Court. More recently President Ramaphosa has been engaged in litigation with the Public Protector on issues surrounding the release of documentation relating to 2017 African National Congress presidential campaign’s funding (CR17), which the President considered as Personal information. Data breaches serve as one example of the privacy and cybersecurity concerns tackled by the Protection of Personal Information Act 4 of 2013 (the Act).
This webinar is designed to provide useful insights on the rights, duties and obligations of responsible parties, operators and data subjects. The webinar incorporates an expert take on the role of the Information Regulator, which is the custodian of the Act, as well as a basic understanding of the eight conditions for the lawful processing of personal information. Greater benefit will be drawn from the webinar to participants who have taken it on themselves to read the Act and take in various discussions around some of its most salient features in books, academic articles and various forms of media.
The programme will include:
- An introduction to the rationale underpinning the concepts in the Act.
- Key terms and definitions to identify various stakeholders.
- The 8 (eight) conditions for processing personal information.
- The importance of implementing security safeguards.
- The rights of data subjects vis-à-vis the obligations of responsible parties.
- Conditions for the lawful processing of personal information.
- Exclusions and exemptions to the Act.
- Special personal information and exemptions.
- Enforcement Mechanisms, offences, penalties and administrative fines.
At the end of this training, attendees should have a basic understanding of the role to be played by the Act in safeguarding the right to privacy and the importance of data protection in the processing of personal information within their respective industries and environments. Attendees will have a heightened appreciation for the implications arising out of compliance with data protection legislation as well as the consequences arising from a failure to comply
Background of the Act
The Act was signed into law on the 19th November 2013 and on the 1st July 2020, President Ramaphosa, by way of Proclamation implemented the remaining provisions namely ss 2 to 38; ss 55 to 109; s 111; and s 114 (1), (2) and (3). Ss 110 and 114(4) shall commence on 30 June 2021. According to s 114(1) all forms of processing of personal information must, “within one year after the commencement of the section”, be made to conform to the Act.
The Act finds its legal axis in Section 14 of the Constitution which regulates unrestricted access to and abuse of personal information. The courts have laid down a test as to what may be deemed unlawful or lawful access and exchange of an individual’s personal information. The POPIA places obligations on responsible parties and operators to comply with the conditions for lawful processing of personal information.
Amongst other important provisions, the Act places an obligation on responsible parties to disclose breaches of information, to provide data subjects with remedies where the Act makes provision for them and it confers authority upon the Information Regulator to impose severe penalties for such conduct. The Protection of Personal Data has its antecedents from historically unjust occurrences relating to information abuse such as that conducted by the Nazi Gestapo and East German police state for societal control since the early 20th Century, as well as apartheid.
The webinar will cover the meaning and application of the 8 (eight) conditions for lawful processing of personal
information found in sections 8 to 25 of the Act. The conditions are (a) accountability (s 8); (b) processing limitation (ss 9 to 12); (c) purpose specification (ss 13 and 14); (d) further processing limitation (s 15); (e) information quality (s 16); (f) openness (ss 17 and 18); (g) security safeguards (ss 19 to 22); and (h) data subject participation (ss 23 to 25).
Some of the salient provisions of the Act are found in Chapter 11, which stipulates punitive action that may be instituted on persons who violate the provisions of the Act. In this way, the Act actually regulates the manner in which perpetrators contravening the POPIA ought to be dealt with in the event that there is unlawful interference with protected personal information by spelling out offences and sanctions.
Benefits of attending
Taking into account that the important piece of legislation known as the Cybercrimes Bill, 2018 was passed in Parliament alongside the remaining sections of the the Act on 1 July 2020, it is accepted that the time for all types of entities processing personal information to be compliant with the Act and observe cybersecurity and data protection laws to protect the right to privacy, is now. The webinar, therefore, poises attendees for all the latest information relating to legal compliance of data protection laws with practical examples of the application of the laws to present day scenarios.
Prof Sizwe Lindelo Snail ka Mtuze holds a Baccalareus Legum (LLB) from the University of Pretoria with Tax Law and Cyberlaw electives and an LLM degree from Unisa. He is a practising legal practitioner with the law firm, Snail Attorneys at Law. He is an International Co-ordinator of the African Centre for Cyberlaw and Crime Prevention based in Kampala, Uganda also as an (LLM) from UNISA.
Prof Snail is also the author of various articles on cyber law inaccredited and non accredited journals both locally and internationally and has given ad hoc lectures for the Law Society of South Africa (LSSA), Association of Certified Fraud Examiners, University of Johannesburg, Fort Hare University and University of Pretoria and comments on cyber law in various South African newspapers and radio talk shows.
He also presents papers and attends both local and international conferences. He is also co-editor and author of the third Edition of Cyberlaw@SA. He also does corporate presentations, regularly gives opinions to both the private and government sectors, as well as individualised legal compliance testing, including in-house workshops and training for various private companies and government institutions both in South Africa and in Central, West and East Africa.
Sizwe has served as a member on the ICT REVIEW Panel of the Department of Telecommunications and Postal Services (DTPS), serving as the Chairperson of the E-commerce Committee (Digital Society as renamed ) within the panel sub-committees. Snail ka Mtuze also currently serves on the National Cyber Security advisory Counsel of the DPTS. Sizwe is a member of South African Information Regulators since 2015.
He has also served as Chairperson for the LSSA, E-Law Committee (2013 – 2020). He is also a Trainee Adjudicator at the South African Institute of intellectual Property Law, (SAIIPL) specialising in, Domain Disputes. He is also co-founding member of the Annual Cyberlaw Conference and the Annual Lex-Informatica (2008 – 2020). Sizwe ka Mtuze is also a WASPA Adjudicator (2008 – 2016) and a Research Fellow in the field of Cyberlaw with the University of Fort Hare since 2014. Sizwe has recently been appointed as Adjunct Professor in the Mercantile Law Department of Nelson Mandela University Law Faculty.