Given the big noise around big data, it’s understandable that companies are competing to accumulate as much information as possible, but the flip-side of this is the need to securely store this sensitive data to ensure privacy and legal compliance and to avoid punitive fines (up to R10-million).
Nashua CEO Mark Taylor says the company recognised that clients were struggling to understand the multiple pieces of legislation that govern document retention, from the Tax Administration Act, the Companies Act, the Basic Conditions of Employment Act, the National Credit Act and the Consumer Protection Act – to name but a few – to the Protection of Personal Information Act, once enacted.
He says Nashua saw the opportunity to add value for clients by providing an easy tool to demystify complex document retention rules and legislation.
“We commissioned a legal firm to produce a guide – Managed Document Solutions – to provide a straightforward overview of what records you need to keep and for how long.”
The guide aims to safely walk businesses through the document retention minefield: not only are there different types of records that need to be retained, but there are also stipulations around whether the original document is required or whether, in some instances, a copy might suffice. How long must the documents be retained and is there a maximum prescribed period? How must they be looked after and where must they be kept? What may (or may not) be done with that information while it is being retained? How should it be secured?
Taylor adds: “The document retention guide was commissioned in 2017 as part of the Nashua DocuWare launch. It was a considerable investment for Nashua with hundreds of hours spent researching legislation and honing the final product into an easy-to-read and follow guide.”
There are three key factors to consider when it comes to record retention. Businesses need to know:
* The types of records to be retained;
* Whether the record must be retained as an original or a copy; and
* The minimum period of retention.
Some laws even prescribe where the records must be kept, adding to the layers of difficulty in compliance, and when PoPIA comes into effect it will impact all documentation that includes personally identifiable information.
Taylor has the following advice for businesses to protect their electronic records:
* Store them on a medium that’s appropriate for long-term retention.
* The electronic repository must have sufficient storage capacity.
* Archives and backups must be securely maintained.
* Keep separate records with particulars of historical archives and backups.
* Deploy documented technical and organisational measures to safeguard against unauthorised access, theft, loss or intentional or accidental damage, destruction and falsification.
* Implement systems to facilitate the discovery of any attempted or actual changes, falsification or unauthorised access.