The threat to information security is as real as ever. At the same time, the legal obligations on organisations to secure the integrity and confidentiality of the information they process are growing. You have been securing your information for years for business reasons, now the law (in the form of POPI) also requires you to do so. Information Security is now a legal obligation. You cannot claim you were not aware of your obligations. And failure to comply has serious risks associated with it.

We offer a presentation, seminar, workshop, or executive briefing on this topic by an expert with practical experience. We also offer an eCourse on request.

Why is information security important?

Because it prevents people and companies from suffering harm when their personal information is compromised or they fail to protect someone else’s personal information and they suffer damage to their reputation, get put under strict regulatory scrutiny, or get fined or imprisoned as a result.

There are four aspects to information security:

  • Physical – the locked doors, walls, and security systems that keep your data safe;
  • Technical – the firewalls, encryption, and passwords that prevent hackers from getting unauthorised access;
  • Operational – the training and awareness you give to your personnel to ensure that they do the right thing and don’t fall foul of phishing attacks or otherwise compromise your security; and
  • Administrative – the policies and procedures that tell your organisation and the world how you protect personal information.

Organisations are often strong when it comes to physical and technical information security, but weak in terms of operational and administrative security. We can help you be strong in all four aspects and comply with POPI as a result.


  • Know your legal obligations and refer to relevant law (like POPI)
  • Be aware of the consequences
  • Identify the biggest risk to your organisation
  • Take steps to avoid the legal risks

What do we cover?

  1. What information must you secure?
  2. What are you required to comply with? What must you consider? What are the relevant information security laws? What is appropriate and reasonable?
  3. The relationship between a responsible party and an operator.
  4. Dealing with incidents. Notifying people.
  5. Implementing good policies to reduce fines.
  6. What are the top legal risks at the moment. What are the consequences.
  7. Take home points and Action items

Course material

We will provide attendees with:

  • a link to an electronic copy of our presentation,
  • our POPI Mapper – a tool to map activities,
  • a list of POPI Action Items so that the session translates into practical action, and
  • an audio recording of the event (private sessions only).

Public workshops

Our POPI and Information Security Workshops have been well received. The new dates will be published soon.

One delegate costs R2,500 (excluding VAT). Two or more qualifies for a 10% discount. We will serve refreshments. We limit delegate numbers, so bookings are done on a first come, first served basis. We aim to give practical insights that you can use to be effective. We do not give law lectures! We will refund you, if you do not think you received value.

Private workshops

We are able to provide private, in-house workshops to you at your premises. For more information, email our support desk ( to get in touch to discuss a suitable date.

Who should attend and why?

  • Directors (executive and non-executive, CEOs and FDs) – to discharge their legal duties and direct the course of the organisation
  • CAEsauditors and assurance providers (internal and external) – to audit and provide assurance regards IT
  • CROs and Risk Managers – to address IT legal risks
  • CIOs and IT Managers – to manage IT
  • IT Operators – to ensure that IT operates
  • IT Security officers – to secure IT
  • Information (protection) officers – to balance access to information and protection of personal information
  • IT Governance officers and specialists – to govern IT
  • Compliance officers – to effectively comply with IT laws
  • Consultants – to advise and provide solutions on IT related issues
  • Legal advisors (corporate lawyers or in-house lawyers) – to provide good legal advice on IT issues

Who is the presenter?

David Luyt

David is a POPI professional. He is busy helping all kinds of businesses come to terms with POPI. He has a particular interest in information security because it is a central question from anyone building a technical system that has to comply with POPI. He has spoken and written about keeping personal information secure in the context of:

  • cloud based software – like software as a service, platform as a service, and infrastructure as a service;
  • big data – including the challenges posed by securing extremely large quantities of personal information dispersed across multiple servers; and
  • enterprise software – like hosted systems where the company controls their own infrastructure.

If David is unavailable for any reason, we will ensure that another practical attorney from Michalsons presents. We will ensure the attorney is the best person to present the course depending on the type of course, the date, the specific issues and the attendees.

How long is it?

We provide this course in different formats. Public and private sessions can last for anything from 45 minutes, half a day or a full day. We also provide eCourses that can be done via the Internet at your convenience. We welcome enquires for more information and details.


If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.


Our public workshops are at various venues around the country. We choose venues that are central so you can get to it easy, that have adequate parking, good food, and that ensure you are comfortable. We are happy to hold the event at your venue. If you want a personal in-house session at your offices, please contact us for a quote.