Protection of Personal Information Act: Managing Operators

RESPONSIBLE PARTIES ARE LIABLE FOR THE UNLAWFUL PROCESSING OF PERSONAL INFORMATION BY THEIR OPERATORS

The POPI Act stipulates that every public and private body making use of operators must ensure that operators who process personal information for the responsible party, establish and maintain generally accepted information security practices and procedures which may apply to it generally or specifically.

Overview

The POPI Act requires accountability for any processing of personal information. Heads of public bodies, CEOs of private bodies and the business leaders identified as “responsible parties” who control the purpose and means for processing information are required to ensure compliance with the conditions of lawfully processing personal information set out in the Act.

The responsible party must clarify, in written contracts with its operators and other service providers, the services the operators are commissioned to provide. The transfer of personal information to the operator must be limited to what is necessary for the operator to fulfil its contractual obligations.

Operators may not process personal information unless commissioned by responsible parties and the purpose is compatible with the original purpose of collection.

Seminar Objectives

Participants will gain a general understanding of the legal obligations placed on Responsible Parties to manage operators and other service providers. On completion of this 1 day seminar, participants will be able to:

Seminar Outline

Participants will learn through discussion and practical examples how to commission and manage operators engaged by the responsible parties to provide services that process personal information.

This seminar includes topics about: