To guarantee the ethical and responsible utilisation of AI throughout its lifecycle, your organisation must establish a lawful basis for each stage of the project. Involve legal and risk teams in the project from its outset. Active monitoring is also [...]
We’ve considered hundreds of versions of the AI lifecycle and captured seven essential stages that ring consistently across those versions. Our version of the AI lifecycle includes: Identifying the problem Planning and development Managing data Building and interpretation Deployment Operation [...]
The AI lifecycle describes the journey of an AI system from conception to deployment and beyond. There are various versions of the AI lifecycle available. Ultimately, the version you choose for your organisation will depend on factors such as organisation [...]
Information security is a more comprehensive approach to safeguarding all types of information. Data protection really focuses on personal data or sensitive data.
POPIA aims to protect the privacy and security of personal information processed by public and private bodies. It sets out conditions for the lawful collection, use, storage, and destruction of personal information. PAIA aims to give effect to the constitutional [...]
The SOPs don’t need their own distinct policy. Learn the details about the SOPs and the Cybercrimes Act to integrate them into existing policies related to data management, investigations and security protocols.
You can incorporate cybersecurity and awareness into ongoing training workshops.
The Information Regulator (IR) does communicate with other regulators but because each regulator has its own mandates, the IR is confined to the parameters of POPI and PAIA and anything that falls outside the four corners of these Acts will [...]
The initial difficulty that South Africa is facing is that it does not have a cybercrimes commission. At present, the Information Regulator works closely with the police and the Hawks but uses its own processes separate to those used by [...]
The Information Regulator will have a similar role with the Cybersecurity Act as it does now when receiving data breach notifications. A data breach is usually occurring at the same time as when a cybercrime is happening. The difficulty with [...]
The Information Regulator plans to clarify its updates on prior authorisation such as making application forms easier to use, in an upcoming guidance note. When dealing with personal information, remember to consider it in a holistic point of view. There [...]
The Information Regulator (IR) has discretion in when to assess organisations' data processing practices under both POPIA and PAIA. They follow prescribed procedures and inform applicants about the scope and reasons for the assessment. For POPIA assessments, factors considered include [...]