The Protection of Personal Information Act (POPI Act or POPIA) commenced on 1 July 2020, with critical sections of POPIA coming into effect. The insurance sector, in particular, processes extensive amounts of high-risk personal client information. It is essential that companies manage their risk exposure by enforcing robust data governance measures.
An informative video created by Barkers’ underwriters, iTOO Special Risks, is a comprehensive insight into what practical considerations a company striving towards compliance with POPI can do.
You can watch the video by clicking here.
The below are some tidbits sourced from the above mentioned video by Barkers, Alessandra Kearns:
Data is an asset which can be bought and sold and is, therefore, considered a new world currency.
POPIA is in motion to ensure safe and secure data passage whilst a person or entity possesses “ownership” of the data because it has the power to create currency without consent.
This Act includes electronic transaction, consumer protection, privacy and data protection as well as cyber crimes.
To have lawful grounds in terms of receiving, collecting, storing and destroying Personal Information, consent must always be proven. Data can be collected in automated (A.I and computers) as well as non-automated means (forms and telephonically). Besides the obvious, personal particulars also include information of a juristic entity, biometrics and special information such as race or religion. Such information does not only pertain to identification, contact and financial concerns.
Data Controllers, for example the Insurer, and Data Operators, for example the Broker, act in the capacity of an agent on behalf of the Insurer. Both are responsible for data protection according to the Act, even with the best agreements in place.
Over 90% of the world has legislated Data Protection laws. South Africa is one of the only countries that has given the Information Regulator, Pansy Tlakula, the power to sue for damages on behalf of a person or entity. The Information Regulator has the following functions/abilities:
- Search and seizure of assets,
- Monitor and enforce compliance through penalties,
- Manage refusals or appeals,
- Act as an arbitrator for the refusal of access (when you request what data has been held about you and the entity will not supply it),
- Use of financial and health information.
Organisations proven noncompliant with the POPI Act, whether intentional or accidental, stand to suffer serious penalties. Depending on the severity of the breach, the POPI Act subsidises fines of up to R10 million and a jail sentence of up to 10 years.
THE GREAT HACK DOCUMENTARY
To find out more about what provoked the world in this regard, the Netflix Documentary called THE GREAT HACK on the Cambridge Analytica Saga, will further enlighten you.
This show explores how a data company came to represent the dark side of social media (Facebook) following the 2016 U.S. presidential election.
Tips to ensure the safety of your business when working remotely, which has become, and is expected to remain, the norm owing to the Covid-19 pandemic:
- Ensure your Wi-Fi connection is secure.
- Ensure anti-virus, anti-malware and anti-ransomware is installed and updated.
- Ensure security patches and updates are applied as soon as possible after the release.
- Enable encryption on your end-point as well as any storage devices being used.
- Use a secure connection to access your work environment, such as VPN ideally with multi factor authentication.
- Ensure you lock your screen if working in a shared space.
- Do not leave your device unattended if working in a shared space.
- Remain vigilant for potential phishing and malicious emails.