Advertise Here
Icon

Directory

IconAssociations and Institutes
IconBBBEE Consulting and Verification Agencies
IconCompare Medical Scheme Benefits
IconConsumer Protection
IconCorporate Governance
IconCredit Bureaus
IconEmergency Medical Rescue
IconExpatriate Cover
IconHealthcare Consultants
IconMedical Aid Brokers
IconMedical Aid Schemes
IconMedical Malpractice Cover
IconMedical Schemes Trustees Liability Insurance
IconMedical Service Providers
IconOmbud
IconOnline Quotes
IconPublications
IconRegulatory Authorities
IconWellness Programs
Image
  Subscribe To »

FOR YOUR EYES ONLY-POPIA ESSENTIALS

Published

2020

Thu

12

Nov

The Protection of Personal Information Act (POPIA) has been in the making for a while, with certain aspects already introduced. It is finally set to come into full effect after President Cyril Ramaphosa said, in June, that the effective date for compliance is 1 July 2021, and most organisations will have much to do to get ready during this grace period.

Privacy is a basic human right. Individuals have the right to:

  • access their data
  • change or update it
  • request that it is deleted
  • object to direct marketing
  • be notified if data is compromised
  • lay a complaint with the information regulator

Globally, data protection is in the spotlight. The European Union’s General Data Protection Regulation, which has become a benchmark for data protection laws around the world, has been in operation for just over two years and is strictly enforced by regulatory authorities. A recent ruling by the European Court of Justice resulted in the US having to scramble to put a federal data protection law in place.

Russell Nel, data protection officer at Alexander Forbes, says “good data protection practices help to foster trust with your customers, stakeholders, and the general public”.

 

Under the law, one of the rights that individuals have is to be notified when their information is collected. At a minimum, they should be told:

  • what information will be collected
  • the reasons or purpose for collection and processing
  • who their information will be sent to
  • any laws requiring such collection

 

Data breaches are a costly business – even if the information regulator has not issued any fines, your reputation will be damaged because of a breach, making it more difficult to attract and retain clients.

Nel discusses some of the key privacy challenges corporates face:

  1. Privacy is seen as a compliance matter

While many organisations try to drive privacy from a compliance perspective, in reality it is much broader than that. A good privacy implementation should involve all areas of a business – from business operations, to risk and compliance, marketing, and particularly information technology.

  1. Time and effort to comply are underestimated

Organisations overseas, particularly in the UK and Europe, have had data protection laws in place in some form since the 1990s. Despite the fact that they have had two decades to prepare, many organisations are still largely unable to fully comply with these laws, and we see regulatory authorities issuing multi-million euro fines with alarming frequency.

  1. Data protection never ends

Data protection requires constantly re-evaluating your organisation, and the risks to personal information. Just because you are secure today does not mean you will be protected tomorrow – technology, business and the markets evolve rapidly, and you need to keep up.

Privacy and data protection need to be built into operational processes; systems may need to be upgraded or replaced, and people need to be trained.

Nel said that, before a data breach even happens, the trustees should review the company’s insurance policy and engage with the brokers to ensure that adequate cover is put in place once POPIA takes effect. This means making certain that insurance cover for a breach is adequate.

He explains that, if personal information is compromised or accessed by an unauthorised user, the responsible party will need to notify any individuals who may be affected, as well as the information regulator.

“Trustees have an obligation to ensure that this information is appropriately protected.”

Some things that can be done to protect information in accordance with POPIA principles:

  • Make sure that any printed documentation is securely locked away, and shredded when it is no longer needed
  • With the Covid-19 pandemic, more people are working remotely. Make sure that family, friends and children do not have access to private information or the systems on which it is stored
  • Make sure that laptops or computers are encrypted and that mobile devices are secured with a PIN or biometric access control. Investigate the possibility of minimising, redacting or ‘de-identifying’ data so that it cannot be used to identify an individual if it is compromised.

 

“This is especially important when transmitting data by email, as email fraud and spoofing attacks are on the rise, especially in light of increased remote working,” concludes Nel.

 
Source: ALEXANDER FORBES
 
« Back to previous page Print this page » |
 

Breaking News »

NORTON ROSE FULBRIGHT SCOOPS AWARD FOR INNOVATIVE INSURANCE COMIC BOOK

At a virtual awards ceremony on Friday November 13, 2020, Norton Rose Fulbright in South Africa was recognized by the Institute of Risk Management South Africa (IRMSA) for leaping out of the proverbial box with ...
Read More »

  

Health checks and treatment should be addressed even during COVID-19

Around the world, many people are choosing to delay treatment for serious and chronic ailments because they are worried about being exposed to COVID-19 in healthcare settings. In the early months of the pandemic, ...
Read More »

  

Medical malpractice claims, adverse inferences and res ipsa loquitur

The Eastern Cape MEC for Health was held vicariously liable for the negligent conduct of provincial hospital nursing staff in failing to take the necessary steps to ensure that a patient’s wound was properly ...
Read More »

  

Health checks and treatment should be addressed even during COVID-19

Around the world, many people are choosing to delay treatment for serious and chronic ailments because they are worried about being exposed to COVID-19 in healthcare settings. In the early months of the pandemic, ...
Read More »

 

More News »

Image

Investment »

Image

Life »

Image

Retirement »

Image

Short-term »

Advertise Here
Advertise Here

From The Glossary »

Icon

Automatic Reinsurance:

A reinsurance procedure whereby the reinsuring company binds itself unconditionally to accept reinsurance for specified amounts in proportion to the amount retained at its own risk by the direct writing company. This permits the direct writing company to issue a policy at once if the amount of insurance is within its own retention plus the automatic coverage.
More Definitions »

 

Advertise

 

eZine

 

Contact IG

 

Media Pack

 

RSS Feeds

By using this website you agree to the Terms of Use.
Copyright © Insurance Gateway (Pty) Ltd 2004 - 2020. All Rights Reserved.