Legal News South Africa

Bill forces companies to protect personal information

The enactment of the Protection of Personal Information (PoPI) Bill now requires organisations to establish appropriate policies and procedures to protect the various forms of data that are part of their business operations. Failure to comply with this Bill is a criminal offence and directors could face hefty fines or even imprisonment.

Local electronic records management specialist company, Paper 2 Digital Storage Solutions (P2Dss), has issued a warning to company executives to ensure that they comply at the highest level. It says companies should not be misled into thinking that proposed new privacy laws do not apply to them.

PoPI was conceived to give effect to the right to privacy by introducing measures to ensure that the personal information of an individual is safeguarded when processed. It also balances the right to privacy against other rights, such as the right to information and other important international interests. This is particularly important for the free flow of information within and across the borders of South Africa.

Privacy presents a growing challenge

P2Dss CEO Dawid Jacobs says the Bill applies specifically to personal information that is processed. "Company executives need to protect more information than they expect. Processing includes collection, receipt, recording, organisation, collation, storage, updating, modification, retrieval, alteration, use, dissemination and merging."

Personal information privacy presents a growing challenge as organisations must adapt and comply with complex international laws on how they handle personal information. More importantly, it is imperative that all scanning, digitisation or capturing of paper-based documents (or rather, records) into electronic format is done according to the set rules and regulations applicable to the industry involved and the laws of South Africa.

The Bill applies to all companies that collect, store, or process personal information, including banks, insurance companies, medical and health organisations (including medical practitioners), retail stores, and the government. It also includes all employee information, which means there are few instances under which personal information does not need to be protected.

Individuals can hold companies accountable

To this end, P2Dss has implemented stringent policies and procedures as per all applicable legislative compliance and local and international standards, to ensure that all digitisation of paper-based records is done correctly and that it is documented throughout these processes.

The enactment of the Bill will bring about a significant level of protection to individuals and companies in South Africa with regard to how their personal information is handled. Individuals will now have the ability to hold organisations to account for the ways their personal information is handled or mishandled, as the case may be.

The main purpose of the Bill is to give effect to the constitutional right to privacy and to regulate the manner in which personal information is processed. The Bill also brings South Africa in line with international norms on the protection of data privacy, thereby allowing the flow of personal information to South Africa from other nations with data protection regimes.

This is particularly important for services such as data centre or call centre outsourcing and for IT software solution providers that host such information here for foreign organisations. However, local organisations with foreign operations must take heed of the data protection regulations in those foreign jurisdictions to ensure they comply when transferring customer or employee information with South Africa.
