P2Dss helps businesses comply with PoPI

The Protection of Personal Information (PoPI) Bill now requires organisations to establish appropriate policies and procedures to protect the various forms of data that are part of their business operations. Failure to comply with this Bill is a criminal offence and directors could face hefty fines or even imprisonment.
Local electronic records management specialist company, Paper 2 Digital Storage Solutions (P2Dss), has issued a warning to company executives to ensure that they comply at the highest level. It says companies should not be misled into thinking that proposed new privacy laws do not apply to them.
PoPI was conceived to give effect to the right to privacy by introducing measures to ensure that the personal information of an individual is safeguarded when processed. It also balances the right to privacy against other rights, such as the right to information and other important international interests. This is particularly important for the free flow of information within and across the borders of South Africa.
P2Dss CEO, Dawid Jacobs, says the Bill applies specifically to personal information that is processed.
“Company executives need to protect more information than they expect. Processing includes collection, receipt, recording, organisation, collation, storage, updating, modification, retrieval, alteration, use, dissemination and merging.”
Personal information privacy presents a growing challenge as organisations must adapt to and comply with complex international laws on how they handle personal information. More importantly, it is imperative that all scanning, digitisation or capturing of paper-based documents (or rather, records) into electronic format is done according to the rules and regulations applicable to the industry involved and the laws of South Africa.
He says P2Dss has always ensured that its clients comply to the highest level, including all Acts and international industry standards.
“For the first time South Africans will have their constitutional right to the privacy of their personal information enforced. The PoPI Bill will bring South Africa in line with international data protection laws and at the same time will protect personal information collected and processed by public and private organisations.”
The Bill applies to all companies that collect, store, or process personal information, including banks, insurance companies, medical and health organisations including medical practitioners, retail stores, and the Government. It also includes all employee information, which means there are few instances under which personal information does not need to be protected.
To this end, P2Dss has implemented stringent policies and procedures as per all applicable legislative compliance and local and international standards, to ensure that all digitisation of paper-based records is done correctly and that it is documented throughout these processes.
“With the new PoPI Bill, we have once again ensured that we are fully compliant and we have also reaffirmed that all information we manage and process for our clients, is protected at the highest level. Furthermore, we have ensured that all our staff are trained according to these laws and standards,” he explains.
The enactment of the Bill will bring about a significant level of protection to individuals and companies in South Africa with regard to how their personal information is handled. Individuals will now have the ability to hold organisations to account for the ways their personal information is handled or mishandled, as the case may be.
Jacobs says P2Dss has researched, and will continue to study and implement, all relevant legislative Acts of South Africa to ensure that all its processes are legally compliant.
“As our core business focus is the digitisation of paper-based records to electronic format, the PoPI Bill is crucial to our role in business as well as our role in consulting with companies regarding the importance of Information Security.”
The main purpose of the Bill is to give effect to the constitutional right to privacy and to regulate the manner in which personal information is processed. The Bill also brings South Africa in line with international norms on the protection of data privacy, thereby allowing the flow of personal information to South Africa from other nations with data protection regimes.
This is particularly important for services such as data centre or call centre outsourcing, and for IT software solution providers who host such information here for foreign organisations. However, local organisations with foreign operations must take heed of the data protection regulations in those foreign jurisdictions to ensure they comply when transferring customer or employee information with South Africa.
“The PoPI Bill states that all personal information be processed, or in our business case, be scanned (digitised), lawfully and without infringement to the person whose information is being processed.
“Our operators are trained according to our Standard Operational Procedure, derived from various ISO and SANS Standards, to ensure the capturing of all data is done correctly and that true Quality Assurance is maintained at all times,” he explains.
P2Dss operators are also trained in various policies including Records Management Policy; Acceptable Use Policy; Ethics Policy; Information Management Policy; Information Security Policy (derived from ISO17799 Code of Practice for Information Systems Security) and Information Sensitivity Policy.
These policies help its operators fully understand the importance it places on its customers’ data, and this has ensured that it already complies with the PoPI Bill.
The PoPI Bill also indicates how security measures must be put into place to ensure that all processing by an operator of any individual’s personal information is done legally. It clearly stipulates that safeguards must be put into place, be audited regularly and be updated continuously to ensure that no personal information, or for that matter any information, is leaked without authorisation.
P2Dss has therefore implemented the above-mentioned policies, as well as various others, to ensure it offers the highest level of Information Protection to its clients. More importantly, there must be specific procedures in place to ensure that the PoPI Bill is adhered to. Again, P2Dss has put in place quality assurance, a full chain of command and other documented processes to ensure it complies with this.
“P2Dss has also signed contracts with all its employees to ensure it complies with the PoPI Bill. It is therefore vital that every company currently scanning their own personnel’s information or having it scanned by a third party, understands and complies with this law,” he concludes.