With the promulgation of the Protection of Personal Information Bill (POPI) later this year, the protection of consumers' personal information is becoming increasingly important.
This has become particularly relevant for telecommunications companies in light of the increase in cellphone banking fraud in SA.
So says Gianmarco Lorenzi, MD of Cleardata, a group company of JSE-listed Metrofile Holdings, who notes that recent statistics released by the South African Banking Risk Information Centre revealed that cases of illegal SIM swaps, which resulted in subscribers losing money, increased by 900%, from fewer than 100 cases in 2011, to around 1 000 cases in 2012.
With around 29 million cellphone subscribers in SA, according to Nielsen, service providers must implement practices to help reduce the number of fraud incidences. One way of doing this is to ensure the proper destruction of documents containing clients' personal details, says Lorenzi.
"Cellular network providers handle and store thousands of clients' personal information on a daily basis and need to ensure this information is protected at all times in order to comply with the POPI Bill," he says.
According to Lorenzi, while company head offices may already be working closely with legal teams to ensure compliance, they may be forgetting about an often-overlooked aspect of the organisation - its network of branches across the country.
"It is crucial to ensure that regulatory requirements extend to all areas of the organisation, regardless of their location, as non-compliance with legislation governing data protection could potentially lead to the downfall of the organisation," he says.
"It is also advisable to ensure that all organisational branches are reviewed constantly with regards to data protection regulations, and that necessary steps are taken to ensure adequate levels of compliance. Shredding unwanted documentation remains the most effective data-destruction method, as it ensures the documentation cannot be reconstituted in any way."
According to Lorenzi, POPI standards require that personal information is not only securely stored and managed, but also properly disposed of in a manner that ensures the information cannot be reconstituted.
Every company that has access to personal information relating to their employees or clients has a responsibility to dispose of that information in a proper manner, he stresses. "Risks are faced by all industries, however, financial institutions, such as banks, are faced with an even greater risk due to the vast amount of personal information they have relating to their clients."
According to Lorenzi, if documents are not disposed of effectively, the organisation could face legal, reputational and financial consequences. Telecommunications companies can be held liable for identity theft if client information falls into the wrong hands, he notes, adding that casually discarding information shows a callous disregard for customer and shareholder interests.
"All businesses should protect their information at all transaction points and employ strict governing principles at all branch locations to ensure no documentation is left exposed to avoid the consequences of non-compliance."
Share