POPI and personal information – what you need to know
One key aspect of POPI compliance refers to the the requirement for confidential destruction of any documents containing personal details. Failure to comply with the Act can lead to fines and penalties as well massive reputational damage.
Speaking to Bizmag.co.za, Lorenzi offers the following tips for businesses to apply or pay attention to whenever planning a strategy to ensure POPI compliance when it comes to document destruction:
1. Delegate the responsibility:
Businesses should employ the services of a reputable information destruction partner that is compliant with international standards document destruction. Quoted by Bizmag.co.za, he declared: 'When document destruction is outsourced, organisations can focus on their core business and leave it to the experts to ensure that confidential documents and records do not fall into the hands of unauthorised parties.'
*********** Recommended For You ***************
The perfect tool to make your labour issues easy!
You've got more important things to do than draw up a warning letter or simple contract from scratch. You need it done for you. And we've done just that.
With the A-Z of Master Forms and Templates you
have all the information you'll ever need for labour, human resources and health and safety right at your fingertips.
We've combined years of research by South Africa's top labour, HR and health and safety experts to give you a complete list of all the forms and templates you'll ever need.
Get the A-Z of Master Forms and Templates and make your labour issues easy
2. Don't neglect physical documents:
The business' management team may often think that the confidential paper destruction aspect of the business is taken care of, while this could actually be neglected or omitted entirely. Make sure this isn't the case for your business and make sure documents are shredded in a secure location by a National Association of Information Destruction (NAID) compliant service provider whose practices are in-line with international security guidelines.
3. Get rid of the clutter:
According to the same source, management teams must know what information should be stored on paper and what information stored electronically. You should then implement an appropriate destruction protocol in this regard throughout the organisation. You have to make sure employees only store information required for the business and ensure expired records are destroyed timeously and effectively.
In the end, he explains that "when destroying unwanted personal information, shredding is still the most effective data destruction method as it ensures the documentation cannot be reconstituted in any way. Failing to destroy personal customer information properly could lead to severe consequences which includes hefty fines from the regulator.'