POPI is now being fully enforced and it will have an impact on document destruction for companies.
Whilst the Protection of Personal Information Act (or POPI) may not have your business audited or paying fines for bad data management, it has been put into full effect as of 1 July 2020, with a 12-month grace-period, allowing businesses to comply with its new policies on the personal information and the way it is managed within organisations.
The POPI Act has been put in place to provide protection and creat accountability when it comes to personal information of both individuals and companies alike. While it is protecting individuals and companies, it is at the same time placing a responsibility upon those same individuals and companies that may be collecting personal information, requiring them to follow the eight principles of information processing.
How does POPI affect how you destroy documents?
The POPI Act, naturally has an impact on how personal information is destroyed, in line with it’s goal of keeping personal information out of the wrong hands. The Act does not require any specific proof of the destruction of records however, it does require that the method of destruction prevents the records from being reconstructed in a way that makes it accessible.
Legally, this allows companies to still utilise office-based shredders, however, what it does not give them is safety of a Certificate of Destruction which shredding companies like Shredmaster offer, which means that if a dispute were to arise, there wouldn’t b any evidence that the records were destroyed correctly.
In such a case, if it was found that the information that originated from your organisation came into the wrong hands, the penalties can include possible imprisonment and fines of up to R10 million for non-compliance.
At Shredmaster, we offer a legitimate and reliable document shredding service that shreds all types of documentation across all sectors of the market.
Click here to see what we shred!
- ATM receipts
- Bank statements and account information
- Brokerage account information
- Cancelled and voided cheques
- Credit and debit card numbers
- Credit reports and histories
- Drivers’ licence numbers
- Employee pay stubs
- Employment records
- Insurance policy data
- Investment documents
- Medical and dental records
- Passport number
- Phone records
- Tax forms
- Used airline tickets
- Account records
- Bank statements
- Competitive information
- Due diligence files
- Financial records
- Insurance records
- Intellectual property records
- Legal documents
- Market research/material
- Obsolete contracts
- Payroll records
- Personnel files
- Purchase receipts
- Sales forecasts
- Tax records
- Business plans
- Cancelled cheques
- Computer reports
- Credit card numbers
- Obsolete collateral
- Price/inventory lists
- Proposals and quotes
- Proprietary documents
- Computer backups
- Videotapes/cassette tapes
- Casino chips
- Product samples/prototypes
- Old credit and debit cards
How can I get my document destruction compliant?
Getting your document destruction compliant is the simplest part of implementing the POPI policies in your organisation, however, it can also have the biggest impact, with identity theft costing South African’s more than R1 billion each year, according to the South African Fraud Prevention Service.
The best thing you can do now, is to contact your local document shredding company and move your shredding from on-site to off-site, ensuring that whoever you service with can provide you with a Certificate of Destruction for record purposes.
How long do I still have before I am at risk of penalties?
You still have a few months before you start becoming at risk of penalties because the 12-month grace-period lapses on 1 July 2021.
The concern about penalties should not be your biggest concern, but rather, ensuring that your and your clients’ information is safe from any potential threats.
To learn more about how you can become POPI compliant, view some of the links below: