The Protection of Personal Information Act (POPI), exists to protect your personal information from being used in a malicious manner, says Meniko Records Management Services. For instance, when conducting a survey, you have the right to remain anonymous and if the researchers collect your personal information, they must guarantee your confidentiality if you do not want your details to be shared with other parties.
The POPI act states that information collection must be done with the recipient's consent, the reasons behind the collection and storage of your personal data must be clearly outlined and how the information will be stored. In other words: there must be measures in place that safeguard this information from accidently being leaked to the public, the information must be captured accurately.
Prevention is better than a cure
There is always going to be personal information in business documents and it's better to ensure that you have a reliable system in place to protect your staff, clients, general public and ultimately your own business. No one would like their personal details floating out there for the entire world to see, POPI helps to set out the conditions to lawfully purchase sensitive information.
The anticipated commencement date of the POPI Act is mid-2016, this will allow organisations a grace period of a year to become compliant (mid 2017). Organisations therefore will need to deploy a Records Management Solution within this grace period. According to Fin24 "Company executives who fail to secure data in South Africa may face jail time."
In addition your business could face serious reputational damage, lose customers and struggle to gain their trust once more, or worse, have to pay out in damage fees.
What constitutes personal information?
Among a few examples of personal information that fits under this bracket are:
* ID or passports;
* Home, work or personal phone numbers;
* Physical addresses;
* Financial information; and
* Employment and salary history.
This makes it clear why it's imperative that this information needs to be safeguarded. It is important for businesses to keep in mind that they are not obligated to protect information that is already within the public domain. For instance if a recipient has posted sensitive information onto social media, the recipient is putting that information out there. In this instant it is their duty to remain vigilant on what they are allowing others to see.
Does this compliance pertain to your business?
Accountability rests on the shoulders of any responsible party that determines the purpose of collecting personal information and the party must reside within South Africa or if the processing of information is undertaken in South Africa.
There are instances of exclusion where parties need not comply. In the event that information is captured for purely personal activity, criminal prosecutions or a threat to national security, judicial functions and within the journalism industry under its code of ethics.
What laws are linked to POPI?
There are various other laws that also protect personal information. The key ones are:
1. Consumer Protection Act (CPA);
2. National Credit Act (NCA);
3. Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA); and
4. Promotion of Access to Information Act (PAIA).
If there is a conflict between POPI and another law, POPI prevails. But if another law gives greater protection to personal information, the other law will prevail. For example, if POPI says you do not need to get consent to market to someone and another law (like the NCA) says you do, the NCA will apply and you will have to get the person's consent. There are various other laws, rules, codes or standards that relate to IT, however compliance is not the only component to take into consideration, any successful Records Management Solution should include three key elements.
Three key elements for a successful Records Management Solution
CAPTURE
With the vast amount of documents and content generated within a business process, the need to capture data in specific ways has become challenging. Capturing solutions and performance hardware need to be tailored to your business' specific needs.
STORE
Once all your valuable content is captured, the next step is to get the collective stored safely and securely. Storing content securely is a critical element in any records management solution. Should you choose cloud based, on-premises or hybrid storage solution, your content must be securely stored and ready for you to access whenever and wherever you need it.
MANAGE
Access and content management of your securely stored information is of paramount importance to your records management solution. The need to find information easier and quicker, saving valuable time and resources will maximise your return on your investment.
Download our content management checklist to make sure you get your hands on a reliable document management solution to help you comply with the POPI act.
Share