With the introduction of the Protection of Personal Information (PoPIA) Act in South Africa in April this year, local businesses are now legally required to ensure that all client, supplier and employee information is stored, processed and destroyed in a manner that upholds privacy and protection of personal data.
Data protection and information management are increasingly under the global microscope as significant breaches have dominated the headlines in recent times.
Ashley Madison, Ster Kinekor and the Panama Papers are just three prominent intercontinental examples, while only late last year, more than 60 million South Africans were left vulnerable as their personal information, including ID numbers, was unlawfully accessed and leaked from a real estate holding company server.
Cybercrime is on the increase (up 63% in the UK alone) and the associated cost of these damages is predicted to reach $6 trillion annually by 2021. What’s more, business cybercrime is believed to grow exponentially and become the greatest threat to every company worldwide.
The responsibility for safeguarding personal information against leaks falls squarely on the shoulders of the companies that obtain it. While PoPIA aims to ensure compliance when dealing with personal information, and holds unethical entities accountable for abuse, it cannot protect data from being leaked.
Personal data that is protected by PoPIA consists of personal contact information (address, telephone numbers, email, etc.), demographic information (ID, date of birth, age, ethnicity, etc.), private correspondence (conversations between a representative and a client), and biometric information (blood type, fingerprints and medical history).
According to Wayne Clarke, Managing Director of Metrofile Records and Information Management South Africa, “Data protection risks are faced by all industries, but due to the volumes of personal client information they collect, financial institutions, medical and insurance companies face the greatest threat.”
Non-compliance and resultant data breaches can lead to lawsuits and penalties including R10m fines and jail time for up to 10 years. Businesses need to guard against this liability and securely store and manage essential company records. Partnering with an information and records management specialist can help implement secure information and backup solutions, but the specialist needs to be compliant with record-keeping regulations and have the necessary security measures in place.
Apart from cybercrime, inefficient disposal of documentation opens businesses up to further threat, legal ramifications and financial losses. Clarke says, “Businesses that compromise on responsible document disposal could be handing seemingly invaluable personal information over to fraudsters, who may use this data to steal identities, bid the details off on the dark web, falsely apply for credit, and/or pass intellectual property and trade secrets onto competitors.”
South African businesses are legally obliged to keep company records securely in their system for up to seven years. These records include AGM reports, annual financial statements, accounting records, notices, minutes and resolutions of all shareholder meetings, plus any information made available by the company to the holders of the securities in relation to such resolutions.
Clarke explained, “When documents are no longer relevant or required, it’s best to destroy them responsibly and the most effective way of ensuring that information cannot be retrieved, reconstructed and repurposed [so-to-speak], is to shred them.
“Digital transformation is the way of the future, but it comes with many risks. Data protection and information management require strategic and risk oversight to remain compliant and future-proof businesses against new-age challenges.”
Edited by Neo Sesinye