
The 4-Ps of POPI and why CIOs won't achieve compliance

Policies | People | Partners | Privacy

Brought to you by and copyright owned by Clearwood Consulting

Caroline Mouton Consultant [email protected] 074 615 6839 @popicompliance #CIOPOPIChallenge

Copyright © 2016 popi-compliance.co.za an initiative of Clearwood Consulting

Where’s the risk…really?


Data breach due to negligent or malicious employees or other insiders?

Root Causes of data breach incidents


Ponemon Institute, 2012, The Human Factor in Data Protection

People being clueless, careless or distracted, and/or 3rd-party organisation blunders


Torben Rick, Organizational culture is like an iceberg 26/11/2014, https://goo.gl/t6Rg9J

A sad story…


Company Culture


Your assumptions, practices and policies don't mean much in a different cultural context.

“Security culture reflects the beliefs and values of the people that make up your organization.”

Lance Hayden | MD Berkeley Research Group | Building a Stronger Security Culture to Mitigate Risk (Diane Ritchey, 1/7/2016, SecurityMagazine.com)


Managing partners needs more than contracts. Culturally aware communication is key!


“harnessing the power of people and culture is the next great frontier for information security.”

Lance Hayden | MD Berkeley Research Group | Building a Stronger Security Culture to Mitigate Risk (Diane Ritchey, 1/7/2016, SecurityMagazine.com)


ISO/IEC 38500: Corporate governance of information technology. ITGI: Enables ISO/IEC 38500:2008 Adoption


Principle 6 — Human Behaviour: "The implementation of any IT-enabled change, including IT governance itself, usually requires significant cultural and behavioural change within enterprises as well as with customers and business partners. ... Directors must clearly communicate goals."


The 4-P's of POPI

Policies | Partners | People | Privacy


Appeal to values rather than practices

TEDTalks: Start with Why | Simon Sinek


What | How | Why


Discrimination & Unfair Conclusions


Accidental disclosure: social media


Good leaders make you feel safe

TEDTalks: Why good leaders make you feel safe | Simon Sinek


A true story…


Tristan Coopersmith, How to Survive All Seven Stages of a Brutal Breakup 21/2/2017, https://goo.gl/WQnN5P

Be careful of using fear to drive compliance; always provide a way out.

Taking POPI to Staff & Partners: Persuasive Comms 101

Excessive fear has an immunising effect, and the communicator's motives are viewed with suspicion

Some fear is effective if you also tell them how to avoid consequences

Inducing guilt can be effective, but is it really okay?

Discourse is most effective: Discussion, debate, open expression

Groups tend to form opinions that are stronger than individually held opinions in an effect called Group Polarisation


“One of the most formidable challenges of business leaders is getting large groups of people to work productively towards a common purpose.”

Deloitte | Insights | As One: Individual Action, Collective Power


Why CIOs won't achieve compliance

Policies | Partners | People | Privacy


POPI Compliance… It’s always personal!


Compliance is easier when everyone pulls together towards a common purpose

Contact me about workshops to unpack POPI as a cultural expression of your vision and values

[email protected]

@popicompliance

linkedin.com/carolinemouton

1. Get Started

2. Get Informed

3. Get Sorted

4. Get Help