Are you looking for in-person POPI Act training or POPI online awareness training or eLearning for people who actually process personal information? The POPI Act is a new law in South Africa and there are many people who need awareness training on the POPI Act. Are you in the process of creating an awareness training programme? There are various different groups of people who need to know different things about the POPI Act (target audience). For example:
- People who actually process personal information as part of their daily work duties (like customer-facing employees) need specific training.
- Sales managers and marketers need to know about the marketing aspects of the POPI Act (with a focus on direct marketing issues).
- Call centre and helpdesk agents need to know how to deal with customer queries and complaints.
- IT managers and Information Security Officers need to know the implications for information security.
- HR managers need to know about protecting the personal information of employees.
It is crucial that the POPI Act awareness training is suitable and specific to the audience. But above all, it must be practical. It is important that the training adds value to your organisation. Training that is relevant to your organisation and that will address your specific issues. Your employees time is valuable and we want to make sure they spend it wisely. We contextualise our training and explain why people are attending and why things need to change (if things do need to change). The place to start is to identify:
- who needs to be trained (your target audience),
- what are the outcomes you want to achieve with the training (what should they know).
Once you have identified this, you can decide how best to achieve it.
In-person or online POPI Act training
We offer both traditional face-to-face and online training. We have a lot of content that can be presented in various ways. We use many different methods to train people, from videos, to assessments, to questionnaires, to exercises. Many organisations want the initial training to be done in-person, with follow up training being done online.
How we can help you
- Plan and manage your information security and privacy awareness and training programme by asking for our advice (which sometimes involves a workshop or members of our data protection programme can work through the module on managing an awareness training programme).
- Raise awareness among your employees on specific issues by asking us to provide you with online training or e-learning (and customise it if necessary).
- Raise awareness among your employees on specific issues by asking us to facilitate face-to-face in-person training.
What POPI training achieves
Our POPI Act training:
- enables you to demonstrate to your customers and the Information Regulator that you protect personal information,
- educates employees on the company policies (like an Acceptable Use of IT Policy),
- integrates information-handling practices into day-to-day business activities,
- sets up campaigns (e.g. posters, email) as well as “role-based” training.
Our training is aimed at different target audiences, as different target audiences have different needs on what they should be doing.
The Protection of Personal Information Act (POPI Act) requires that “appropriate, reasonable” measures be taken to protect information from loss, damage or unlawful access (as does the Payment Card Industry Data Security Standard and ISO 27001). This implicitly requires companies to provide training to help employees understand what those measures are (security experts often say that staff (insiders) are the biggest threat to personal information, and the list of breaches maintained by the Privacy Rights Clearinghouse is dotted with incidents resulting from employee mistakes). This is particularly important as the law requires the company to notify the Regulator and data subject of security breaches.
What this awareness training is not
Please note that the POPI training described on this page is awareness training for people who process personal information. This training is not for raising the awareness of:
- Your governing body or exco by doing an executive briefing. They need a high-level specific level of awareness.
- The person who is responsible for ensuring that your organisation complies with data protection law (possibly you). For example, this might be your legal adviser, compliance office, information officer or data protection officer. They need a much deeper level of awareness – that is what our data protection programme or our data protection workshop is for.
- Your managers, leaders or decision makers who plan and implement controls to protect personal data. They too need a deeper level of awareness and again that is what our data protection programme or our data protection workshop is for. Each person needs to work through the modules that are relevant to them.
It is very hard to train the different target audiences all at the same time. Some will get bored and others will feel that the training was too high level. It really does make sense to have different sessions for the different target audiences.
One idea to raise the awareness of POPI (and other IT laws like the ECT Act, or RICA) and the importance of protecting personal information is to put up posters. You can get some free information security awareness posters and a privacy awareness toolkit off the Internet, but they are not specific to the POPI Act. We also provide a variety of posters for a specific IT or ICT Law (ECT Act, PAIA, POPI, or RICA) to raise awareness about the law. We can provide samples on request.