The 4-Ps of POPI and why CIO’s won’t achieve compliance
Policies | People | Partners | Privacy
Brought to you by and copyright owned by Clearwood Consulting
Caroline Mouton | Consultant | [email protected] | 074 615 6839 | @popicompliance | #CIOPOPIChallenge
Copyright © 2016 popi-compliance.co.za an initiative of Clearwood Consulting
Where’s the risk…really?
Chart: Root causes of data breach incidents. Data breach due to negligent or malicious employees or other insiders?
Ponemon Institute, 2012, The Human Factor in Data Protection
People being clueless, careless or distracted and/or 3rd party organisation blunders
Torben Rick, Organizational culture is like an iceberg 26/11/2014, https://goo.gl/t6Rg9J
A sad story…
Company Culture
Your assumptions, practices and policies don’t mean much in a different cultural context.
“Security culture reflects the beliefs and values of the people that make up your organization.”
Lance Hayden | MD Berkeley Research Group | Building a Stronger Security Culture to Mitigate Risk (Diane Ritchey, 1/7/2016, SecurityMagazine.com)
Managing partners needs more than contracts. Culturally aware communication is key!
“harnessing the power of people and culture is the next great frontier for information security.”
Lance Hayden | MD Berkeley Research Group | Building a Stronger Security Culture to Mitigate Risk (Diane Ritchey, 1/7/2016, SecurityMagazine.com)
ISO/IEC 38500 Corporate governance of information technology | ITGI Enables ISO/IEC 38500:2008 Adoption
Principle 6 – Human Behaviour: The implementation of any IT-enabled change, including IT governance itself, usually requires significant cultural and behavioural change within enterprises as well as with customers and business partners. ... Directors must clearly communicate goals.
The 4-P’s of POPI
Policies
Partners
People
Privacy
Appeal to values rather than practices
TEDTalks: Start with Why | Simon Sinek
Why | How | What
Discrimination & Unfair Conclusions
Accidental disclosure: social media
Good leaders make you feel safe
TEDTalks: Why good leaders make you feel safe | Simon Sinek
A true story…
Tristan Coopersmith, How to Survive All Seven Stages of a Brutal Breakup 21/2/2017, https://goo.gl/WQnN5P
Be careful of using fear to drive compliance; provide a way out.
Taking POPI to Staff & Partners: Persuasive Comms 101
Excessive fear has an immunising effect, and the communicator’s motives are viewed with suspicion.
Some fear is effective if you also tell people how to avoid the consequences.
Inducing guilt can be effective, but is it really okay?
Discourse is most effective: discussion, debate, open expression.
Groups tend to form opinions that are stronger than individually held opinions, an effect called group polarisation.
“One of the most formidable challenges of business leaders is getting large groups of people to work productively towards a common purpose.”
Deloitte | Insights | As One: Individual Action, Collective Power
Why CIO’s won’t achieve compliance
Policies
Partners
People
Privacy
POPI Compliance… It’s always personal!
Compliance is easier when everyone pulls together towards a common purpose
Contact me about workshops to unpack POPI as a cultural expression of your vision and values
@popicompliance
linkedin.com/carolinemouton
1. Get Started
2. Get Informed
3. Get Sorted
4. Get Help