Is Your Business POPI Compliant?

CC&A’s Office Security Checklist
4th August 2020

With the new Protection of Personal Information Act, No. 4 of 2013 (POPI Act), in effect since 1 July 2020, it is essential that your business and its employees are extremely careful when handling your clients' personal information. 

Because we live in a world where we are ever more connected, especially online, we are particularly vulnerable to information theft and to the misuse of other people's sensitive information. 

The POPI Act aims to guard all of us against these threats more effectively. As a business, you have the responsibility of looking out for threats against your clients and putting measures in place that are in their best interest.  

While penalties for not adhering to the Act will only apply from July 2021, it is wise to begin working towards POPI compliance as soon as possible, simply because it is the right thing to do. 

Since we at CC&A believe in doing more than providing cover, and in adding value to your business endeavours, we have written up a few pointers to help you ensure your business is POPI compliant.  

Review All Business Information 

It is good practice to take stock of all the information your business currently collects or makes use of, and to review the purpose for keeping each item on hand.  

You should also look over existing and new agreements and documents that set out third-party responsibilities for sharing information.  

Spring Clean Your Database 

It is essential that you go through your newsletter database and make sure you have appropriate consent for each email address on it. We advise that you discard any information that is no longer relevant to your business; for instance, remove clients who have discontinued your services. 

Look at How You are Storing Information 

It is important that you review how you are storing clients' information and tighten the security of your records, whether physical or electronic. You should also decide how long you will keep this information and communicate that retention period to your clients. 

On this topic, it is a good idea to assess your cyber security practices and ensure your staff are following industry standard practices. Read our blog on How to Improve Your Cyber Security for an idea of what your company should be doing. Another point to consider when it comes to cyber safety is whether you should have a commercial insurance policy that covers cyber liability (such as ransom demands for your data).

Be Transparent 

In all of your dealings with clients and their information, you should always be transparent with them and clearly explain your processes. Make sure your business is sending them all the appropriate consent forms, privacy policies, cookie notices and CCTV notices.  

If you are collecting information from clients, you need to be honest about exactly what you will be using that information for, both now and in future. Clients must be given the chance to opt in to any communications and to any sharing of their personal information (this is something you may want to discuss with your in-house marketing department). 

Conduct Internal Training 

It is wise to arrange an internal training session with all staff who handle client information. Each staff member should understand how they are expected to handle data, which procedures to follow when handling it, what the consequences of not following those procedures are, and whom they can call if they are uncertain about anything. 

For more in-depth information about POPI compliance and what your business needs to do, you can view this pop.law PDF.