Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Welcome all delegates to
PoPIA Workshop
Centurion Golf Estate
12 April 2018
2
Presented by
Dr Peter Tobin
CGEIT, PMIITPSA, PMP
POPI Act Compliance
For
Local Government
3
Workshop Introduction
• Welcome, introduction to delegates
• Workshop administrative arrangements
• Workshop objectives & agenda
• Review of delegate materials
April 2018 Copyright Dr Peter Tobin, 2018
4
Workshop Objectives
Demonstrate a clear understanding of
• What you need to do about Protection of Personal Information
• Where Protection of Personal Information rules apply
• Who needs to take action on the POPI Act
• When to take action on Data Privacy & Protection of Personal Information
• How to apply POPI Act compliance in practice
April 2018 Copyright Dr Peter Tobin, 2018
5
Agenda - Morning session up to tea break
• Topic 1: Workshop Introduction - 08:30 to 08:45
• Welcome, introduction to delegates
• Workshop Objectives & Agenda
• Workshop administrative arrangements & review of delegate materials
• Topic 2: Introduction to the Protection of Personal Information Act
(POPIA) - 08:45 to 09:30
• History and evolution of POPIA legislation in South Africa
• The 8 conditions of POPIA
• Other compliance requirements
• Topic 3: Why POPIA matters - 09:30 to 10:15
• Compliance with laws and regulations
• Codes of conduct
• POPIA “Stick & Carrot”
April 2018 Copyright Dr Peter Tobin, 2018
6
Agenda - Morning session up to lunch
• Topic 4: What you need to do about Data Privacy & POPIA - 10:40 to
11:30
• What are Data Privacy & POPIA?
• What is the scope of impact?
• What action is required?
• Topic 5: Where Data Privacy & POPIA rules apply - 11:30 to 12:15
• Types of organisation
• Global geographic context
• Data and data subjects
April 2018 Copyright Dr Peter Tobin, 2018
7
Agenda - Afternoon session up to tea break
• Topic 6: Special issues re Data Privacy & POPIA - 13:00 to 13:45
• Cloud computing
• Bring Your Own Device
• Mobile devices
• Topic 7: Practical examples of POPIA non-compliance - 13:45 to 14:45
• Violation examples presentation
• Violation examples exercise
• Violation examples and discussion
April 2018 Copyright Dr Peter Tobin, 2018
8
Agenda - Afternoon session up to close
• Topic 8: Summative assessment - 15:00 to 15:45
• 20 question multiple choice assessment
• Workshop closure activities - 15:45 to 16:30
• Personal action plan
• Workshop feedback
• Recognition of achievements
• Closing ceremony including team and individual photographs
Day closes at 16:30
April 2018 Copyright Dr Peter Tobin, 2018
9
Review of materials
• Please refer to your workshop materials
April 2018 Copyright Dr Peter Tobin, 2018
10
Agenda - Morning session up to tea break
• Topic 1: Workshop Introduction - 08:30 to 08:45
• Welcome, introduction to delegates
• Workshop Objectives & Agenda
• Workshop administrative arrangements & review of delegate materials
• Topic 2: Introduction to the Protection of Personal Information Act
(POPIA) - 08:45 to 09:30
• History and evolution of POPIA legislation in South Africa
• The 8 conditions of POPIA
• Other compliance requirements
• Topic 3: Why POPIA matters - 09:30 to 10:15
• Compliance with laws and regulations
• Codes of conduct
• POPIA “Stick & Carrot”
April 2018 Copyright Dr Peter Tobin, 2018
11
Introduction to the Protection of Personal Information Act (POPIA)
• History and evolution of POPIA legislation in South Africa
• Privacy is addressed in the Constitution of the Republic of South Africa,
1996 - Chapter 2: Bill of Rights, section 14 Privacy
• Everyone has the right to privacy, which includes the right not to have
a) their person or home searched;
b) their property searched;
c) their possessions seized; or
d) the privacy of their communications infringed.
April 2018 Copyright Dr Peter Tobin, 2018
12
Introduction to the Protection of Personal Information Act (POPIA)
• Access to information is addressed in the Constitution of the Republic of
South Africa, 1996 - Chapter 2: Bill of Rights, section 32 Access to
Information
• 32. Access to information
• Everyone has the right of access to
a) any information held by the state; and
b) any information that is held by another person and that is required
for the exercise or protection of any rights.
April 2018 Copyright Dr Peter Tobin, 2018
13
Introduction to the Protection of Personal Information Act (POPIA)
• POPIA was a Bill up to November 2013 when it received the assent of the
President and appeared in the Government Gazette as Act No. 4 of 2013
• In April 2014 partial commencement of the POPI Act occurred to support
the establishment of the Information Regulator South Africa (InfoRegSA)
• The InfoRegSA core team took office in December 2016
• Full commencement of POPIA is expected in 4Q2018
• There will be a 12 month transition period, unless extended by the Minister
April 2018 Copyright Dr Peter Tobin, 2018
14
Introduction to the Protection of Personal Information Act (POPIA)
• The 8 conditions of POPIA
• They are modeled on the principles found in the OECD and EU approach
• Accountability
• Processing Limitation
• Purpose Specification
• Further Processing Limitation
• Information Quality
• Openness
• Security safeguards
• Data Subject Participation
April 2018 Copyright Dr Peter Tobin, 2018
15
Introduction to the Protection of Personal Information Act (POPIA)
• Accountability = assigning ownership in your business;
• Processing Limitation = processing information for lawful reasons and in a
manner that does not infringe privacy;
• Purpose Specification =only obtaining and holding personal information
for a specific purpose;
• Further Processing Limitation = Further processing of personal information
must be compatible with the purpose for which it was collected;
April 2018 Copyright Dr Peter Tobin, 2018
16
Introduction to the Protection of Personal Information Act (POPIA)
• Information Quality = information is complete and accurate;
• Openness = being honest about collection and processing;
• Security safeguards = using reasonable technical and organisational
measures;
• Data Subject Participation = an individual may request the information is
accessed, deleted or corrected.
April 2018 Copyright Dr Peter Tobin, 2018
17
Introduction to the Protection of Personal Information Act (POPIA)
April 2018 Copyright Dr Peter Tobin, 2018
18
Introduction to the Protection of Personal Information Act (POPIA)
April 2018 Copyright Dr Peter Tobin, 2018
19
Introduction to the Protection of Personal Information Act (POPIA)
April 2018 Copyright Dr Peter Tobin, 2018
20
Introduction to the Protection of Personal Information Act (POPIA)
• Other compliance requirements
• Special PI
• Children
• Rights of Data Subjects
• Information Officer Appointment
• Electronic Direct Marketing
• Transborder flows
April 2018 Copyright Dr Peter Tobin, 2018
21
Why POPIA matters
• Compliance with laws and regulations• Basic Conditions of Employment Act 75 of 1997
• Companies Act 71 of 2008
• Compensation for Occupational Injuries and Diseases Act 130 of 1993
• Consumer Protection Act 68 of 2008
• Electronic Communications and Transactions Act 25 of 2005
• Employment Equity Act 55 of 1998
• Income Tax Act 58 of 1962
• Insolvency Act 24 of 1936
• Labour Relations Act 66 of 1995
• Occupational Health and Safety Act 85 of 1993
• Promotion of Access to Information Act 2 of 2000
• Protection of Personal Information Act 4 of 2013
• The Regulation of Interception of Communications & Provision of Communication-Related
Information Act 70 of 2002
• Skills Development Levies Act 9 of 1999
• Unemployment Insurance Act 63 of 2002
• Value Added Tax Act 89 of 1991
April 2018 Copyright Dr Peter Tobin, 2018
22
Why POPIA matters
• Codes of conduct
April 2018 Copyright Dr Peter Tobin, 2018
23
Why POPIA matters
• POPIA “Stick & Carrot”
• POPIA stick: reactive and based on a negative impact for non-
compliance
• Fines
• Reputation damage
• POPIA carrot: proactive and based on a positive impact for compliance
• Product and service innovation
• Reputation enhancement
April 2018 Copyright Dr Peter Tobin, 2018
24
Agenda - Morning session up to lunch
• Topic 4: What you need to do about Data Privacy & POPIA - 10:40 to
11:30
• What are Data Privacy & POPIA?
• What is the scope of impact?
• What action is required?
• Topic 5: Where Data Privacy & POPIA rules apply - 11:30 to 12:15
• Types of organisation
• Global geographic context
• Data and data subjects
April 2018 Copyright Dr Peter Tobin, 2018
25
What you need to do about Data Privacy & POPIA
• What are Data Privacy & POPIA?
• Data privacy
• Is part of ethical business approach
• Requires leadership and accountability
• Demonstrates integrity
• Thrives with direction & oversight
• POPIA
• Is a specific legal interpretation that looks at personal information only
April 2018 Copyright Dr Peter Tobin, 2018
26
What you need to do about Data Privacy & POPIA
• What is the scope of impact?
• POPIA addresses living individuals and juristic entities
• All organisations that process personal information
• Exemptions apply
• Certain activities of the state
• Journalistic activities
• International law enforcement
• Regulator may also exempt for specific reasons
• Household activities
April 2018 Copyright Dr Peter Tobin, 2018
27
What you need to do about Data Privacy & POPIA
POPIA Act impact areas
April 2018 Copyright Dr Peter Tobin, 2018
1. Acquisition & disposition to other parties of personal information
2. Appointment of Information Officer
3. Company newsletters, notice boards
4. Company secretary5. Competitor information6. Compliance audits7. Consent records / denial
records8. Contract management /
procurement
9. Contractual agreements
10. Creditors
11. Day-to-day email and other
communications
12. Debtors
13. Document retention periods
14. General Accounting systems including
payroll
15. Government and community relations
16. Human Resources, including induction,
training, record keeping
17. Insurance policies
28
What you need to do about Data Privacy & POPIA
POPIA Act impact areas
April 2018 Copyright Dr Peter Tobin, 2018
18. Legal affairs19. Maintenance records20. Marketing, including
implications for documentation and on-line resources
21. Media and public relations22. Newsletters to subscribers23. On-site and off-site
information storage24. Other relevant legislation (e.g.
CPA, ECTA, LRA, OHSA, SDL, UIA)
25. PAIA Manual
26. Personal information destruction policies and procedures
27. Policy management28. Privacy Notices29. Safety and security, including access
control30. Sales, including records
management, proposals and contracts
31. Service agreements, in particular IT outsourcing
32. Surveys and competitions, 33. Time management systems34. Web site
29
What you need to do about Data Privacy & POPIA
• What action is required?
• A comprehensive review of the current state of compliance
• This typically reveals one or more gaps between the current and required
level of compliance
• “Reasonable and appropriate” is key
April 2018 Copyright Dr Peter Tobin, 2018
30
What you need to do about Data Privacy & POPIA
• Board responsibilities
• Governance starts at board or governing body level
• Board needs to set direction and provide oversight
• Looks at risk and value
• Takes long term, externally oriented view
• Hold ultimate accountability to external and internal stakeholders
April 2018 Copyright Dr Peter Tobin, 2018
31
What you need to do about Data Privacy & POPIA
• Executive management responsibilities
• POPI Act defined Designated Head as accountable through the
Promotion of Access to Information Act (PAIA)
• Accountability for Designated Head (CEO) cannot be delegated in
private organisations
• Accountability can be delegated for public bodies
• Both public and private bodies may appoint deputies to assist with
compliance activities
April 2018 Copyright Dr Peter Tobin, 2018
32
What you need to do about Data Privacy & POPIA
• Other responsibilities
• Multiple roles can be defined both inside and outside the organisation,
e.g.
Internal and External Audit
Information and Record Owners
Service providers & Operators
Employees
April 2018 Copyright Dr Peter Tobin, 2018
33
What you need to do about Data Privacy & POPIA
Step 1: Initiate
• Set yourself up for success by formalising your compliance activities
• Establish a compliance preparation project
• Ensure you have proper authorisation and funding: we recommend a project
charter is drawn up and approved by the project sponsor
• Update and sign the Project Charter
• Update and sign the Information Officer and Deputy Information Officer
appointment letters
• Develop a preliminary plan of action
• Ensure you identify and engage your stakeholders
April 2018 Copyright Dr Peter Tobin, 2018
34
What you need to do about Data Privacy & POPIA
Step 2: Assess
• Develop a solid business case based on impact area identification, costs and
benefits of your compliance preparation project (optional)
• Complete a structured compliance assessment in terms of the requirements
in the POPI Act
• Use the IACT-Africa Compliance Assessment Tools to discover areas for
remediation to address the requirements of the POPI Act; this can include
up to 17 assessments and hundreds of assessment questions depending on
what is reasonable and appropriate
• Document the assessments completed
April 2018 Copyright Dr Peter Tobin, 2018
35
What you need to do about Data Privacy & POPIA
Step 3: Consider
• In light of the Step 2 assessments, consider the areas that require remedial
action to achieve an acceptable level of risk in terms of achieving
compliance
• Consider what process, procedural, documentation, technical and
contractual changes need to be made
• Consider the entire Personal Information (PI) life cycle from acquisition
through ultimate disposal
• Consider all the organizational and technical factors for success (e.g. HR, IT,
processes)
• Obtain approval for a plan to achieve the required level of compliance
April 2018 Copyright Dr Peter Tobin, 2018
36
What you need to do about Data Privacy & POPIA
Step 4: Translate
• Translate your plans into action, with clearly defined objectives and
milestones to achievement
• Translate the conditions for lawful processing into specific evidence of your
remediation plan taking effect
• Translate your short term compliance preparation project into a long term
compliance commitment
• Translate the cost of compliance into the benefits of compliance
April 2018 Copyright Dr Peter Tobin, 2018
37
Where Data Privacy & POPIA rules apply
• Types of organisation
• No organisation is exempt
• Regardless of size
• Regardless of ownership structure
• Regardless of sector
• Certain exemptions apply as previously discussed
April 2018 Copyright Dr Peter Tobin, 2018
38
Where Data Privacy & POPIA rules apply
• Global geographic context
• Global and regional initiatives have been underway for some years
• Key for SA is the status of our trading partners
• Biggest impact is likely to be from the EU General Data Protection
Regulation
April 2018 Copyright Dr Peter Tobin, 2018
39
Where Data Privacy & POPIA rules apply
• Global geographic context
April 2018 Copyright Dr Peter Tobin, 2018
40
Where Data Privacy & POPIA rules apply
• Regional geographic context
• Some countries on the continent are more advanced than South Africa
e.g. Ghana, Tunisia, Mauritius
• There are multiple regional initiatives
• SADC
• ECOWAS
• East Africa
• AU
April 2018 Copyright Dr Peter Tobin, 2018
41
Where Data Privacy & POPIA rules apply
• Regional - Privacy laws in Africa
April 2018 Copyright Dr Peter Tobin, 2018
42
Where Data Privacy & POPIA rules apply
• Global
geographic
context
April 2018 Copyright Dr Peter Tobin, 2018
43
Where Data Privacy & POPIA rules apply
• POPI Act role definitions
• Data subject: Living individual or juristic entity from whom PI is collected
or about whom PI is processed
• Responsible Party: Organisation or individual processing the PI
• Operator: Service provider processing on behalf of the Responsible Party
April 2018 Copyright Dr Peter Tobin, 2018
44
Where Data Privacy & POPIA rules apply
• Data and data subjects
• Data: Personal information is broadly defined, includes about or leading
to a data subject
• Data includes “Special” personal information of a more sensitive kind
e.g. medical & criminal
• Data subjects: Living individual or juristic entity
• Data subjects include customers, suppliers, employees, other
stakeholders; citizens; companies; government entities
April 2018 Copyright Dr Peter Tobin, 2018
45
Where Data Privacy & POPIA rules apply
The POPI Act: 50 types of PI
April 2018 Copyright Dr Peter Tobin, 2018
46
Where Data Privacy & POPIA rules apply
The POPI Act: 20 record types
April 2018 Copyright Dr Peter Tobin, 2018
47
Where Data Privacy & POPIA rules apply
The POPI Act: Processing types
April 2018 Copyright Dr Peter Tobin, 2018
48
Agenda - Afternoon session up to tea break
• Topic 6: Special issues re Data Privacy & POPIA - 13:00 to 13:45
• Cloud computing
• Bring Your Own Device
• Mobile devices
• Topic 7: Practical examples of POPIA non-compliance - 13:45 to 14:45
• Violation examples presentation
• Violation examples exercise
• Violation examples and discussion
April 2018 Copyright Dr Peter Tobin, 2018
49
Special issues re Data Privacy & POPIA
Cloud computing
• Transborder refers to PI leaving South Africa
• There are no restrictions on PI entering South Africa
• Transborder PI restrictions are intended to protect PI in other jurisdictions
• This protection can be achieved through various means
• Proof of adequate protection
• Contracts (binding agreement)
• Binding Corporate Rules
April 2018 Copyright Dr Peter Tobin, 2018
50
Special issues re Data Privacy & POPIA
Cloud computing
• Cloud computing carries specific and different risk to on-site management
of PI
• Multiple standards and frameworks exist e.g.
• ISO
• COBIT®5 Security
• ENISA
• CSA
• NIST
April 2018 Copyright Dr Peter Tobin, 2018
51
Special issues re Data Privacy & POPIA
Bring Your Own Device
• Ownership of the device does not alter the need to protect the data
subject PI
• BYOD should be included as part of an overall risk assessment
• BYOD can be addressed by a combination of organisational (e.g. policies,
training, monitoring & oversight) and technical (e.g. electronic measures)
remediation steps
April 2018 Copyright Dr Peter Tobin, 2018
52
Special issues re Data Privacy & POPIA
Mobile devices
• Should be included as part of an overall risk assessment
• Represent a potentially high level of probability of loss or compromise
• Represent a potentially high level of impact if compromised
• Some devices could be eliminated (e.g. USB sticks)
• Adequate protections would include encryption and other mobile device
management methods
April 2018 Copyright Dr Peter Tobin, 2018
53
Practical examples of POPIA non-compliance
Violation examples presentation
April 2018 Copyright Dr Peter Tobin, 2018
Loss or theft of paperwork 70
Data posted or faxed to incorrect recipient 83
Data sent by email to incorrect recipient 88
Insecure webpage (including hacking) 59
Loss or theft of unencrypted device 30
Insecure disposal of paperwork 15
Failure to redact data 13
Information uploaded to webpage 10
Verbal disclosure 3
Insecure disposal of hardware 2
Other principle 7 failure (security incident) 124
TOTAL 49754
Practical examples of POPIA non-compliance
UK Regulator incident report Oct-Dec 2015
April 2018 Copyright Dr Peter Tobin, 2018
55
Practical examples of POPIA non-compliance
Open computer data breach
April 2018 Copyright Dr Peter Tobin, 2018
56
Practical examples of POPIA non-compliance
Incorrect addressee data breach
April 2018 Copyright Dr Peter Tobin, 2018
57
Practical examples of POPIA non-compliance
Incorrect attachment data breach
April 2018 Copyright Dr Peter Tobin, 2018
58
Practical examples of POPIA non-compliance
Inaccurate addressee data breach
April 2018 Copyright Dr Peter Tobin, 2018
59
Practical examples of POPIA non-compliance
Disclosure of PI data breach
April 2018 Copyright Dr Peter Tobin, 2018
60
Practical examples of POPIA non-compliance
Sticky notes with PI data breach
April 2018 Copyright Dr Peter Tobin, 2018
61
Practical examples of POPIA non-compliance
Confidential documents data breach
April 2018 Copyright Dr Peter Tobin, 2018
62
Practical examples of POPIA non-compliance
Waste / recycle bin data breach
April 2018 Copyright Dr Peter Tobin, 2018
63
Practical examples of POPIA non-compliance
Smartphone unsecured data breach
April 2018 Copyright Dr Peter Tobin, 2018
64
Practical examples of POPIA non-compliance
Lost keys data breach
April 2018 Copyright Dr Peter Tobin, 2018
65
Practical examples of POPIA non-compliance
Lost digital items data breach
April 2018 Copyright Dr Peter Tobin, 2018
66
Practical examples of POPIA non-compliance
Open file data breach
April 2018 Copyright Dr Peter Tobin, 2018
67
Practical examples of POPIA non-compliance
USB data breach
April 2018 Copyright Dr Peter Tobin, 2018
68
Practical examples of POPIA non-compliance
Unsecured access card data breach
April 2018 Copyright Dr Peter Tobin, 2018
69
Practical examples of POPIA non-compliance
Forgotten printer document data breach
April 2018 Copyright Dr Peter Tobin, 2018
70
Practical examples of POPIA non-compliance
Forgotten PI on the whiteboard data breach
April 2018 Copyright Dr Peter Tobin, 2018
71
Practical examples of POPIA non-compliance
OK, now the real test……
• On the next slide you will see a number of possible data privacy violations
• Work with your partner to see how many you can identify
• Use your answer sheet to capture your observations
• CLUE: there’s more than 15 violations to find
April 2018 Copyright Dr Peter Tobin, 2018
© John Cato & Dr Peter Tobin, 2016. All rights reserved72
insert date
© John Cato & Dr Peter Tobin, 2016. All rights reserved73
insert date
14
74
Practical examples of POPIA non-compliance
Violation examples exercise
April 2018 Copyright Dr Peter Tobin, 2018
75
Practical examples of POPIA non-compliance
April 2018 Copyright Dr Peter Tobin, 2018
76
Practical examples of POPIA non-compliance
April 2018 Copyright Dr Peter Tobin, 2018
77
Practical examples of POPIA non-compliance
April 2018 Copyright Dr Peter Tobin, 2018
78
Practical examples of POPIA non-compliance
April 2018 Copyright Dr Peter Tobin, 2018
79
Practical examples of POPIA non-compliance
April 2018 Copyright Dr Peter Tobin, 2018
80
Practical examples of POPIA non-compliance
April 2018 Copyright Dr Peter Tobin, 2018
81
Practical examples of POPIA non-compliance
April 2018 Copyright Dr Peter Tobin, 2018
82
Practical examples of POPIA non-compliance
April 2018 Copyright Dr Peter Tobin, 2018
83
Practical examples of POPIA non-compliance
Violation examples and discussion
April 2018 Copyright Dr Peter Tobin, 2018
84
Practical examples of POPIA non-compliance
Global
• There are too many examples of failures to manage data privacy to mention
them all here
• Key examples well documented include
• Yahoo
• Talk Talk
April 2018 Copyright Dr Peter Tobin, 2018
85
Practical examples of POPIA non-compliance
Yahoo boss Marissa Mayer loses out on millions in bonuses over hacks
• An internal probe found that executives at the firm reacted too slowly after
discovering evidence of a security breach in 2014
• Security breaches at the internet giant exposed the personal information of
more than a billion users
• Yahoo! Is taking a $350 million hit on its previously announced $4.8 billion
sale to Verizon in a concession for security lapses that exposed personal
information stored in more than 1 billion Yahoo! User accounts
April 2018 Copyright Dr Peter Tobin, 2018
Source: news.sky.com 2 March 2017
86
Practical examples of POPIA non-compliance
The indictment charges two officers of the FSB, Russia's Federal Security
Service, and two hackers who allegedly worked hand-in-hand with them to
crack 500 million Yahoo user accounts….. The Russian government had no
official comment on the charges in the Yahoo case. Source: Reuters, 16 March
2017
April 2018 Copyright Dr Peter Tobin, 2018
87
Practical examples of POPIA non-compliance
National
• Several well publicized cases of data loss e.g.
Theft of passports and visa from UK High Commission
Theft of laptops from Office of Chief Justice
Theft of laptops from SABC parliament precinct office
• Suspected many more go unreported at present
April 2018 Copyright Dr Peter Tobin, 2018
88
Practical examples of POPIA non-compliance
Would you trust this person with your information?
April 2018 Copyright Dr Peter Tobin, 2018
“Chief Justice MogoengMogoeng’s offices burgled”
Luckily, this is not his office!
89
Practical examples of POPIA non-compliance
Chief Justice Mogoeng Mogoeng’s offices burgled
April 2018 Copyright Dr Peter Tobin, 2018
“Fifteen computers in the
human resources unit
which contained important
information about judges in
the country, officials in the
office of the chief justice, the
Constitutional Court, high
courts, Supreme Court of
Appeal and other specialists
courts were stolen.”
Points to ponder
• Risk assessment?
• Security policy?
• Security measures in place?
• Training?
• Threat monitoring?
• Data recovery?
• Data loss management?
Source: http://citizen.co.za/news/news-
national/1461845/chief-justice-
mogoeng-mogoengs-offices-burgled/
90
Agenda - Afternoon session up to close
• Topic 8: Summative assessment - 15:00 to 15:45
• 20 question multiple choice assessment
• Workshop closure activities - 15:45 to 16:30
• Personal action plan
• Workshop feedback
• Recognition of achievements
• Closing ceremony including team and individual photographs
Day closes at 16:30
April 2018 Copyright Dr Peter Tobin, 2018
91
Workshop assessment
• This is an individual assessment
• There are 20 multiple-choice questions
• 1 point for correct answers
• 0 points for blank or incorrect
• Good luck……..you need to be quick as the questions will not be shown for
long and no second views!
April 2018 Copyright Dr Peter Tobin, 2018
92
Workshop closure activities
• Personal action plan
• Workshop feedback
• Recognition of achievements
• Closing ceremony including team and individual photographs
April 2018 Copyright Dr Peter Tobin, 2018
93
Workshop close and next steps
• Please discuss with your neighbour your key learning points
• Start to make POPI Act compliance part of the way you work
• For more information about the POPI Act please visit http://smetoolkit.businesspartners.co.za/en/legalinsurance/compliance-popi
• Thank you for your attendance
April 2018 Copyright Dr Peter Tobin, 2018
94
Workshop closure activities
A Moment (or two) of reflection
• What were my most significant learning opportunities from the workshop?
.......................................................................................................
.......................................................................................................
.......................................................................................................
• What did I already know that was reinforced by what I heard and saw?
.......................................................................................................
.......................................................................................................
.......................................................................................................
April 2018 Copyright Dr Peter Tobin, 2018
95
Workshop closure activities
A Moment (or two) of reflection
• What previously held assumptions and beliefs were overturned?
.......................................................................................................
.......................................................................................................
.......................................................................................................
• What stimulated me most?
.......................................................................................................
.......................................................................................................
.......................................................................................................
April 2018 Copyright Dr Peter Tobin, 2018
96
Workshop closure activities
Action Items List
• Top 3 things to STOP doing
.......................................................................................................
.......................................................................................................
.......................................................................................................
• Top 3 things to START doing
.......................................................................................................
.......................................................................................................
.......................................................................................................
• Top 3 things to CONTINUE doing
.......................................................................................................
.......................................................................................................
.......................................................................................................
April 2018 Copyright Dr Peter Tobin, 2018
97
Workshop closure activities
Personal Action Plan
• Within 5 days I will:
.......................................................................................................
.......................................................................................................
.......................................................................................................
• Within 20 days I will:
.......................................................................................................
.......................................................................................................
.......................................................................................................
April 2018 Copyright Dr Peter Tobin, 2018
98
Workshop closure activities
Workshop feedback
• Please complete the workshop feedback form to enable us to learn from
your experience
• We value your feedback which will be taken into account when planning
future programmes.
April 2018 Copyright Dr Peter Tobin, 2018
99
Workshop closure activities
Awards and recognition
April 2018 Copyright Dr Peter Tobin, 2018
100
Workshop closure activities
THANK YOU FOR YOUR PARTICIPATION
PLEASE TRAVEL HOME SAFELY
April 2018 Copyright Dr Peter Tobin, 2018