What is POPI or POPIA

What is POPI or POPIA and what does it mean for me?

 

Both terms have been used frequently over the past few years, but there is great confusion over what each entails and what the difference between the two is.

 

POPI is simply the term for the protection of personal information, which is something each of us does daily: not sharing personal information with third parties when it is not necessary or relevant.

 

POPIA, however, is the South African Act relating to the protection of personal information. The Act legislates how companies are to handle, store and share the personal information that they hold, with consequences if best practice is not followed. The Act comes into effect on the 1st of July 2021 and carries with it hefty penalties when companies are shown not to be implementing best practice within their specific industry or field.

 

The term ‘best practice’ applies to security adoption, but the level of security companies need to adopt is suitably vague in the Act. Best practice for protecting medical details or banking-sector information, for instance, will be a different standard to that of a general company or store, as it depends on the sensitivity of the personal information being stored.

 

There are, however, commonalities that apply to all industries, and the most important thing is that you are seen to have adopted these best practices. We are probably going to see a changing landscape with regard to security and what is deemed to be best practice. For the moment, however, the following basics are recommended:

 

1. Encrypting emails and attachments

We all send emails every day, all day. Under POPIA, best practice is to ensure that attachments that contain personal information (invoices, statements, etc.) are encrypted as a minimum.

 

2. Password protecting attachments

It is recommended practice to ensure that the documents you send to consumers are password-protected so that only the intended recipient can access the information sent. The major banks have already adopted this technology and are setting the bar on acceptable best practice for this.

 

3. Secure document storage

Data now has to be stored securely: physical documents behind locked doors, and digital data behind the necessary encryption and protection. Storage of data in the cloud, with the correct encryption, also ticks the POPIA boxes.

 

With Capisol’s cloud, your data is stored securely with encryption. We also provide exception reporting and strict controls over who can gain access to the information. Encryption on attachments is native to our solution and we offer password protection.

 

When you use Capisol to help protect your customers’ or suppliers’ personal information, you get one step closer to compliance with data protection regulations.