The mention of Sentech is enough to attract many people`s attention, depending on how much they have had to do with the company or how much they have read about the company in the last few months.
For those not in the know, Sentech is in the business of broadband networks, supplying communication solutions and services to the South African and African markets. In recent months there has been much publicity surrounding the dispute with a number of its users over quality of service.
Matters were aggravated when one of Sentech`s employees accidentally e-mailed the company`s MyWireless client database to some of its clients. The database contained names, addresses and contact numbers of 1 500 MyWireless users. This was a serious breach of confidentiality and the implications this has in terms of data privacy and data protection are severe.
The database leaked out of Sentech could just have easily been picked up by someone rummaging through the company`s trash, looking for useful or confidential company documents.
Documents, whether printed or electronic, are the lifeblood of business; and at some point, documents and confidential data must be discarded. Customer lists, price lists, customer or client databases, sales figures, business correspondence, strategy documents, staff lists, personnel databases, would all be of interest to competitors or corrupt staff and if allowed to fall into the wrong hands, the right to privacy of anyone contained in those documents is infringed.
Every business is entrusted to keep private the information it manages. Employees and customers have the legal right to have that information protected. Business is becoming more concerned with the security of its information and records as new legislation requires it to provide select people access to certain information, while simultaneously ensuring data privacy.
Organisations that discard private and proprietary information, without the benefit of ensured confidential destruction processes, expose themselves to costly loss of business, poor corporate governance practices and possible infringement of the law.
Legalities
Data privacy has become an important trade issue, to the extent that in some instances privacy concerns may create barriers to international trade.
Paul Mullon, Marketing director, Metrofile
Concerns about data protection have increased worldwide since the 1960s, due to the increase in the use of e-commerce and quantum leaps in technology. Accordingly, as of 2004 there are more than 30 countries that have enacted data protection statutes at national or federal level. The South African government has realised that it must follow suit or suffer.
Information/data privacy is only briefly mentioned in certain pieces of South African legislation and codes of conduct, including the Constitution (1996); the Promotion of Access to Information Act (2000); the Electoral Act (1998); the Electronic Communications and Transaction Act (2002); the code of conduct for banks issued by the Banking Council in 2000; the industry code of conduct which regulates credit bureaus; and various best practices published by the Marketing Federation of South Africa.
Data privacy has become an important trade issue, to the extent that in some instances privacy concerns may create barriers to international trade. Data privacy legislation will ensure SA`s future participation in the international information market.
Our law recognises a number of different forms of privacy, but to date case law is not yet established for information/data privacy. The law recognises that everyone has the right to privacy under the Constitution and common law, but it is debatable whether or not this includes information privacy.
To address this gap in the law, the South African Law Reform Commission released an Issue Paper in August 2003, to set in motion the creation of a data protection law specifically designed to address the South African information and data environment.
While the data protection law is in the process of being developed, it will most likely still be at least a year before the legislation is in effect. In the interim, the vital information that is held in organisations may be at risk of coming into the hands of the wrong people. The implications are too severe for companies to wait for the legislation to be enacted. In addition, many employees print out confidential information and then merely drop this into the waste paper bin, for anyone to read at their leisure, putting the company at risk.
Regardless of the presence of data/information privacy law, organisations must be responsible about how they dispose of documents once they are no longer needed. Simply throwing documents that contain crucial information onto the trash heap is irresponsible. Organisations need to implement policies and procedures that ensure confidential documents are disposed of in the most secure and appropriate ways. The law should be nothing more than a formality.
Share