Compliance with South African POPI Acts

Transcription

1 Compliance with South African POPI Acts Ebook Developed by Virginia Hendricks

2 THE POPI ACT Ensuring that your organisation is abiding by both your own industry regulations and government legislation. Compliance entails 2

3 Compliance Compliance = Role of Top Management They are responsible for setting an organisation s direction and communicating priorities to employees and stakeholders. These include linking records management to the organisation s requirements and goals, and understanding the risks associated with inadequate records management. 3

4 Compliance Records Management Programme Sound records management exists within the same regulatory framework that requires and governs good governance, accountability and transparency. At The Document Warehouse we offer a range of Records Management and storage solutions. With secure storage and record solutions that keep our clients and their clients information secure, whether it's paper, electronic or data. The Document Warehouse prides itself on top notch barcoding techniques that safeguards you and your companies information. 4

5 Compliant with legislation? Being compliant with Legislation requires that: Organisations manage and control their records. From the time they are created to their eventual disposal or preservation of information. 5

6 Is Your Organisation Compliant With Legislation? Compliant Checklist Is your Records Management programme able to meet compliance requirements of security, regulations, principles and standards? Are your s and web pages managed as records? Compliant Checklist Can you find the right documents and records when you need them? Does workflow and business process work with documents and records management to help increase efficiency within your company? 6

7 Non- Compliance! Records Management is about attaining a records management benchmark of best practice i.e. - ISO Best Practice of a Records Management Programme Policies Procedures (SOP); Business Classification System/Naming Convention for files/records. Retention and disposal schedule for records; Continuous Records Management Training to all employees. 7

8 Your organisation cannot be compliant if your records are not being managed properly! Virginia Hendricks National Training Consultant The Document Warehouse Dedicated to service The Document Warehouse (TDW) is about helping organisations become compliant. We are passionate about managing your company records and are here to help you to manage your records management. 8

9 Protection of Personal Information Act 4 of 2013 Companies will soon be required to comply with the stringent Protection of Personal Information (POPI) Act. This is going to regulate how we handle, store and secure personal information. The POPI Act was signed into law during November 2013, commencement date will be announced later this year! However one should start implementing solutions now to avoid fines or prosecution. Disclaimer: Information shared and distributed relating to POPI is based on The Document Warehouse internal employees interpretation of the Act and information available in the public domain. The Document Warehouse does not profess this information to be a conclusive or comprehensive formal guide to POPI. People should at all times refer to the Act itself. 9

10 Who Must Comply? Personal information / entity, His or her or its Purpose of the Act Promote the protection of personal information Introduce certain conditions Establishment of an Information Regulator Perform certain duties and functions in terms of this Act and the promotion of Access to Information Act, Issuing of codes of conduct; Rights of persons regarding unsolicited electronic communications Regulate the flow of personal information across the borders of the Republic. 10

11 Purpose Of POPI POPI- brings the country in line with international laws on privacy. Data Protection Act 1998 (United Kingdom) Data Protection Directive (European Union) Data protection and privacy laws (Russia) Electronic Communications Privacy Act (United States) Personality rights Privacy Act of 1974 (United States) Privacy Act 1988 (Australian) Right to be forgotten Protection of Personal Information Act 4 of 2013 (SA) 11

12 8 Core Conditions To POPI 1. Accountability 2. Processing Limitations 3. Purpose Specifications 4. Further Processing 5. Information Quality 6. Openness 7. Security Safeguards 8. Data Subject Participation 12

13 1. Accountability 2. Processing Limitations Accountability Define the purpose of the information gathering and processing: Personal information must be collected for a specific, explicitly defined and lawful purpose that is related to a function or activity of the company concerned. Processing Limitations Take steps to notify the data subject: The individual whose information is being processed has the right to know this is being done and why. The data subject must be told the name and address of the company processing their information. In addition, he or she must be informed as to whether the provision of the information is voluntary or mandatory. The processing must be lawful Personal information may only be processed if it is adequate, relevant and not excessive given the purpose for which it is processed. 13

14 3. Purpose Specifications 4. Further Processing Purpose Specification Further Processing Personal information must not be retained any longer than is necessary personal information must be destroyed, deleted as soon as the purpose for collecting the information has been achieved. Limitation The rationale for any further processing: If information is received via a third party for further processing, this further processing must be compatible with the purpose for which the data was initially collected. 14

15 Information Quality Information must be complete and should never be misleading. At the same time information should be relevant and updated on a regular basis. All information must be accurate and credible at the time of acquiring it. This will ensure that quality information is collected, managed and stored correctly. 5. Information Quality 15

16 6. Openness 7. Security Safeguards Openness Audit the processes used to collect, record, store, disseminate and destroy personal information: Companies must ensure the integrity and safekeeping of personal information in their possession or under Security Safeguards Security measures on integrity and confidentiality of personal information by taking appropriate, reasonable technical and organisational measures to prevent loss of, damage to, access to, personal information. their control. They must take steps to prevent the information being lost or damaged, or unlawfully accessed. 16

17 8. Data Subject Participation Access Part A Access to personal information Correction of personal information Manner of Access Part B Process and Authorisation concerning data subject s Religious and philosophical beliefs Race or ethnic origin Trade union membership Political persuasion Health or sex life Criminal behaviour or biometric information. Part C Processing of information of children 17

18 Notify the information Protection Regulator: When the POPI is enacted and a Regulator established, organisations processing personal information will have to notify the Regulator about their actions. They will also have to notify the Regulator of any requests for information (PAIA) and or personal information. (POPI) 18

19 What happens if you don t comply? Suffer reputational damage Lose customers and fail to attract new ones Pay out millions in damages to a civil class action Be fined up to R10 million or face up to 10 years in jail This is serious, you need to take action now. Raise your Awareness Raise employees awareness 19

20 Is Your Business Compliant? Are you ready to implement the POPI act into your business, to safeguard your information and records? The Document Warehouse has the right solution for you Book your POPI Workshop with our training academy by calling us or visiting our website for more information. Lets help you get ready before it s too late. 20

21 The Document Warehouse South Africa's Professional Document Solution Leaders Since 1992 Our Team Are Ready To Assist You 21