Most companies are aware that the PoPI Act is around the corner. The purpose of this act is to ensure South African companies and institutions take care of client personal information. The act forces companies to be responsible when they collect, manage, process, share or even store your personal information. The act holds the receiving entity accountable for any compromise, abuse or even breach of personal information. In short, the act considers your personal information to be “precious goods.” With the rise of identity theft in South Africa, we believe the act is a necessity.
Unfortunately, in most cases, simply receiving sensitive data from your client via email will not be considered sufficient protection. There is not a lot of security in traditional email transmission. The act requires all entities to take care, as far as is reasonable, to ensure protection of their clients. The good news is we considered the act when we designed our system.
Some of the important points regarding PoPI compliance you need to know:
With the above said, our software was designed with PoPI in mind. This is just one of many benefits of using our service. We cover all the above requirements with our software. We use state-of-the-art encryption with all our data transmissions. All our accounts are password protected and stored in a safe and secure cloud. Your client can see exactly what documents you have in your possession. You can even explain in the file description what you intend to do with the specified file. Our system is a great solution to PoPI. Using our service is the first step to ensuring your clients are protected.
Examples of “personal information” include:
In most cases, companies who transmit client documents online will have to be PoPI compliant. It’s not just the big corporations who have to comply. Simple mom and pop operations will have to take the same care of personal information.
FAQ About the PoPI Act
Below are some questions and basic answers regarding the PoPI act.
There are severe repercussions if you do not comply with the act. Non-compliance could expose the responsible party to a fine of R10 Million and/or imprisonment of up to 10 years.
Yes, once the act comes into force, companies will have 365 days to comply. However, we strongly suggest you get everything in place as soon as possible. Although technology can solve a lot of the requirements, some procedures will be more difficult to resolve and bring into compliance. You need to educate your staff and make sure all your other processes comply.
Responsible entities will have to ensure all data is protected, even if received before the act came into force. In short, you will have to protect future and historic data and treat both with the same respect.
There are too many reasons to mention them all. Firstly, it builds customer confidence; secondly, it improves reliability in your company; and lastly, it reduces the risk of breach or compromise. At the end of the day, you are protecting your customer and yourself.
The answer is very simple – everybody. Every business will have to comply. It is the responsibility of the entity to make sure they align themselves with the requirements of the act, or face the consequences.