Legislation enforces responsible record-keeping

By Nadine Arendse
Johannesburg, 15 Nov 2011

The Protection of Personal Information Bill (POPI) will force companies to destroy data responsibly. Organisations that have access to confidential information - or any information that enables personal identification - will need to ensure privacy for both client and employee.

This is according to Gianmarco Lorenzi, MD of Cleardata. He says it will be the organisation's responsibility to ensure that all client, supplier and employee information is stored, destroyed and processed in a manner that promotes privacy.

There are a few factors to consider when planning policies and procedures for POPI, he says.

The most obvious questions to ask are: Where is the company's confidential information being stored in the office? Lorenzi says it is important to know if staff are using the bins under their desks to discard paper, if they are using centralised locations with cardboard boxes, or if they are using a combination.

He further says companies need to ask how the paper leaves the office. Does the company use a traditional recycler? Or a secure document destruction company? When the documents leave the office, are they shredded or still complete? And lastly, he says, organisations need to ask: Where does the paper end up once it has left the office? Is it being recycled responsibly?

There are two ways to mitigate risk where data destruction is concerned, Lorenzi says. The first involves implementing in-house initiatives - where staff shred documents. The second involves outsourcing the shredding service to a secure document destruction company, he says.

In most cases, the benefit of outsourcing far outweighs the risks associated with doing this in-house, he says. Organisations must evaluate their service providers, he notes, adding that the international regulatory body for document destruction is the National Association for Information Destruction (NAID), and it offers certification to shredding companies across the globe. This certification involves a detailed audit of the company's operations by a US-certified and qualified security professional.

The AAA certification from NAID ensures adherence to data protection legislation in the US, UK, Australia and Europe, as well as to POPI, the legislation that will soon be enacted in SA, says Lorenzi.

“The best way to ensure your data does not fall into the wrong hands is to have all confidential documentation shredded onsite, by means of a secure document destruction service. This will alleviate risk and give peace of mind that confidential records are being destroyed correctly,” he concludes.

Lorenzi is a speaker at the ITWeb Risk, Governance and Compliance conference, which takes place on 21 February, at The Forum, in Bryanston.