How will it help you?

The tool is in the form of a spreadsheet. Its purpose is to identify the types of personal information(PI) you collect, store and use.

It focuses on:

1. Customer PI that you hold; and
2. Employee PI that you hold.

Customer PI

The assessment usual involves the following, but will be tailored for your specific needs:

1. We provide you with the privacy program tool (in the form of a spreadsheet) and related reading material, including a copy of the PPI Bill with our highlighting and comments
2. You read the PPI Bill and related material
3. You complete the Map of activities with our support – you know your business best and are in the best position to complete it. This is a critical step. When you complete the map, you are required to identify your existing PI and compile an inventory of  PI (in our experience, the business areas that our most likely to have or use PI include legal, HR, finance, tax, IT, security, marketing, sales, customer service)
   • The privacy program tool also requires you to break down your PI by type or category of data (e.g. health related) so that’s all applicable laws can be identified (e.g. various labour laws cover AIDS information under general unfair discrimination provisions which HR needs to be aware of).
   • has specific laws governing the treatment of AIDS information)
   • The tool also requires you to identify the media on which PI is stored, including hard paper copies, network computers, laptop computers, personal digital assistants (as this is all relevant to the data breach notification requirements under our pending new privacy legislation)
4. We research and get to know your business, especially as it relates to personal information
5. We ask you questions to improve our understanding
6. We review any written policies and procedures that govern the handling of PI, including existing data/record retention policies
7. We review your contracts with third parties that authorise the sharing will transfer of PI to those third parties (which are reviewed by us to ensure that all third parties who receive PI from you meet or exceed the privacy standards imposed by you)
8. We hold one or more workshops of about three hours in length to brainstorm and resolve issues – many minds working together is very powerful
9. Together we add to and supplement the privacy program tool based on the discussions in the workshop.

We also provide online legal guidance on privacy and the protection of personal information.  Michalsons Attorneys can provide traditional legal assistance and support to help you complete or use this tool.

Employee PI

Much of the employee PI resides Department and often includes information considered highly sensitive (such as employee health information). We assist you determine exactly what information is collected and stored by HR, as well as the employees that have access to that information.

Here you also need to deal with the often murky distinction between company versus personal information. This is illustrated by the following example: Mr X, a new IT employee, has a personal blog where he writes about a variety of topics, including technology and “work stuff”.  His manager finds out that Mr. X has identified company employees by name on his blog and detailed their stupid exploits. He has also mentioned security breaches and how the IT department mishandled the problem. When Mr. X’s manager confronts him about the blog, Mr. X becomes indignant and tells his manager that its “personal”, done outside office hours, and not related to the company. We will work through this scenario with you and discuss how this problem could have been prevented.

Who is it suitable for?

Any organisation that processes personal information and is concerned about the impact of the PPI Bill on its business.

What is it?

The Privacy Program Tool template is a spreadsheet that includes a:

1. Summary, which includes:
   1. metadata,
   2. a summary of deliverables and findings,
   3. tips on how to use the tool and
   4. a section to list some quick wins.
2. A Map of Activities concerning Personal Information, which includes the fields of information that you need to record
3. a sheet for recording Suggested Actions
4. a sheet to help discover and record Documents related to privacy and the protection of personal information
   
5. a sheet to record Consultations
6. a sheet to record Related Observations

It also includes guidance and examples.  It also refers you to the relevant sections of the PPI Bill.

How do I get it?

If you are interested,

Enquire Now

We will contact you to find out more about your requirements.

Tags: POPI project, privacy program, privacy project