The advent of the Protection of Private Information Act (PoPIA) from 1 July 2021 will make us all look at how we collect information from subjects and question what is necessary to gather. In short, most firms - large and small - process data of some sort and will have to comply with regulations around how we collect, store and protect such data.
Antiquated ways of gathering information will need to fall away. To illustrate, having to provide your ID number to a security guard when visiting an office – is this really necessary?
We are the champions, my friend
The financial services industry has an opportunity to champion a better way forward. A way that is more private and suited to safe, personal interaction online. Financial institutions should not ask for unnecessary personal information, unless it’s imperative to completing a task, and is legal to pursue.
It can be insightful to gather details on clients, but this data also needs to be safe to gather and quantified, and some good needs to come from it: the problems it identifies need to be addressed.
Reassessing what is needed in the data collection process and perhaps even streamlining to use data more efficiently is the way forward. This will attract younger clients and retain current clients too, those who are already using technology to simplify their day to day. It’s important to listen to your customers, solve their problems and make it all happen as quickly, fairly and legally as possible.
PoPIA will promote change
A recent Compli-Serve SA webinar with guest speaker Elizabeth de Stadler of Novation Consulting looked at the final countdown to PoPIA compliance and where to focus first if you are falling behind. It’s an area of regulation no business in any industry can get around, but it can be difficult to grasp whether your dealings with data are sound.
Here are some questions Elizabeth suggests asking about data, to check whether you intend to use it as you should.
- Is it necessary for the conclusion or performance of a contract?
- Is it necessary for compliance with legislation?
- Are you protecting a legitimate (vital) interest of the data subject? (they can object)
- Are you a public body performing a public law duty? (they can object)
- Are you protecting a legitimate interest of your organisation or a third party? (they can object)
PoPIA applies to any information (gathered before or after 1 July). A compliance breach through unreasonable behaviour will get you into trouble you can easily avoid by sticking to the rules.
As all firms go into this new era of privacy and data protection, it will be important to have access to the necessary skills and knowledge to guide your business along the right pathways, as it will be a continuous journey from here on out.