POPI is here - are you ready for it?
With the national lockdown as a result of the COVID-19 pandemic keeping us all a little preoccupied, you might have missed the news that the Protection of Public Information (POPI) Act came into law on 1 July 2020.
All businesses handling personal information have until 1 July 2021 to implement the necessary processes and procedures to ensure compliance.
What does the POPI Act entail?
Firstly, it seeks to protect:
- The public's personal information (defined as any information that distinguishes one person from another)
- Data associated with any legal entity (from private companies and NGOs to people)
- All the data related to all these entities, i.e. employee, customer, supplier and all stakeholder information
Next, it aims to govern the handling of personal information:
- Only personal information needed for a specific purpose can be collected and stored
- Access to this data must be restricted
- The legal entity owning the data is permitted to view it on request
How to ensure POPI compliance
It's easy to forget about documents when they're no longer in active use or go into storage. But when it comes to personal information, out of sight is not out of mind. Here's why:
- POPI makes specific provision for the correct storage and destruction of documents containing personal data - get to know the requirements of the law and make sure you meet them
- You need to know why personal data is being collected in your business, and where and how it is being stored and destroyed - appoint a responsible, trusted person who knows the flow of information in your organisation to take ownership of this
- The information must be secured at every stage of its journey - ensure proper security measures are in place at all times and restrict employee access to this data
- If you have the resources in-house to safely and securely store and destroy personal information, do so; if not, appoint an expert in this field to assist you
- If you're storing and destroying documents on-site yourself:
  - Be transparent about your storage and destruction processes
  - Make sure these processes meet the minimum security requirements
  - Implement a reminder system for when stored documents are due for destruction (only keep what you need; this saves space, time and money)
- If you are outsourcing document storage and destruction, look for a credible partner:
  - With a solid track record that meets all legislative requirements
  - That issues certificates of destruction confirming these requirements are constantly met
  - That is environmentally conscious (recycling destroyed documents)
Getting your business POPI compliant might seem like an unnecessary expense, but aside from now being a formal legislative requirement, it just makes good business sense.
As responsible corporate citizens, we should all know who is handling our businesses' sensitive data, and take the necessary measures to safeguard it.
Not only does this protect us as business owners as well as our employees, suppliers and partners, but it also saves money in time and resources.