Upholding our constitutional right to individual privacy, the Protection of Personal
Information Act 4 of 2013 (POPIA) is a crime prevention blueprint put in place to protect
against identity theft, fraud, cybercrime, spamming, information theft and related
offences.
The Act sets out how South African businesses may gain access to personal details and capture, standardise, use, store and discard customer information collected during the course of business communications.
Every business which requests or processes a customer’s personal information must
comply with the Act. Companies that don’t face possible fines of up to
R10 million.
According to John Woollam in a recent BusinessTech article, “Compliance reassures
your customer base of your commitment to their privacy and to the ethical management
of their data. This goes a long way towards cementing your reputation as a trusted company, and to ensuring that future communication is always aligned with regulation and compliance
mandates.”
For businesses, the Act drives better data and security management of private
information and holds them accountable for how they use that
information.
Implementing POPIA for the Private Security Industry
Implementing POPIA is not a once-off duty but rather an ongoing effort
– one which also offers the potential for companies to deliver better customer
experiences and services.
Comparable to the European Union’s GDPR, which went into effect in 2018, POPIA sets
out to regulate better data and security management of personal data through a series of
compliance steps, which bring South Africa’s privacy laws in line with international
standards.
The principles of POPIA address South African businesses’ responsibility, security and
consent obligations, and give clear guidelines on special protections for certain categories of data, as
well as that of children.
Security Industry Specific POPIA
All South African businesses must follow the POPIA processes and systems put in
place, which identify where personal information is stored, how it is processed,
who has access to it and the purposes for which it is used.
“Onguard has been compliant since the law was first promulgated. We saw the benefit of protecting people’s information. In this business, you hear of so many
breaches of trust and underhand deals, such as lists and databases being sold. We do not buy lists. As a company we value best business practices and always act with integrity. All Onguard staff sign a non-disclosure agreement and have limited access to company databases,” confirms Onguard Sales Manager, Jamie Bell.
Ensure your business is POPIA Compliant with these simple steps:
- Inform your employees about POPIA and the regulations which they need to follow in their line of duty.
- Assess your data collection process.
- Review and amend your company policies where required.
- Identify who will be your POPIA Information Officer and ensure they are aware of their roles and responsibilities.
- Implement the Gap Audit and produce your policies and procedures manual (see below).
- Lock down your new security blueprint.
- Train your staff and keep them updated with new information from the POPIA compliance website.
POPIA can transform your security business and secure your customers into the future.
Whether you implement it yourself or use a service provider to assist you in your audit, it
pays to keep the new security regulations top of mind and sustainable within the
management of your business.
Your POPIA policies and procedures manual needs to outline your own organisation’s
privacy policy as to how you collect and handle data in regard to the following processes:
- Data collection (type of data, purpose, consent, legal aspects, minimalism and transparency)
- Data access and accuracy (correct, complete, reliable, and the process for updating information)
- Data usage and restrictions (purpose, relevance, restrictions, legality, permission, limitations)
- Data storage (physical, off-site, electronic, back-up, cloud storage)
- Data security safeguards (physical, electronic, network, password control, disaster recovery)
- Disclosure (legality, consent, data subject awareness, data request handling)
- Responsibilities (all directors, top management, the Information Officer, personnel dealing with personal information, vendors, contractors, suppliers)
- Complaints (process, handling, legalities, transparency)
- Retention (retention schedule)
- Destruction (destruction schedule)
- Staff awareness training (all current staff, new appointees and regular refresher training)