Gianmarco Lorenzi, Managing Director of Cleardata, a group company of JSE listed Metrofile Holdings Limited, says that while head office may already be working closely with legal teams to ensure compliance, they may be forgetting about an often overlooked aspect of the organisation - its network of branches across the county. “It is imperative to ensure that regulatory requirements extend to all areas of the organisation, regardless of their location, as non-compliance with legislation governing data protection branches could potentially lead to the downfall of the organisation.”

 

The POPI standards require that personal information is not only securely stored and managed, but also properly disposed of in a manner where the information cannot be reconstituted, says Lorenzi. “Every company that has access to personal information relating to their employees or clients has a responsibility to dispose of that information in a proper manner. Risks are faced by all industries, however financial institutions such as the banks are faced with an even greater risk due the vast amount of personal information they have relating to their clients.”

 

He says that if documents are not disposed of effectively the organisation could face legal, reputational and financial consequences. “Companies can be held liable for identity theft if client’s information falls into the wrong hands. Casually discarding information shows a callous disregard for customer and shareholder interests.”

 

“It is advisable to ensure that all organisational branches are reviewed constantly with regards to data protection regulations and necessary steps are taken to ensure adequate levels of compliance.”

 

Lorenzi says that besides compliance with information protection legislation, organisations also need to protect company trade secrets from competitors. “If confidential information about a new product line or strategic plan is left laying in an exposed rubbish bin it is vulnerable to the eyes of competitors and companies may find their competitive advantage is lost.”

 

Shredding unwanted documentation remains the most effective data destruction method as it ensures the documentation cannot be reconstituted in any way, says Lorenzi. “Employing the services of a reputable data destruction company that is compliant with international standards of data destruction is the most reliable way of ensuring confidential documentation does not fall into the hands of unauthorised parties.

 

“In light of the impending POPI coming into law is essential for all businesses to protect their information at all transaction points and employ strict governing principals at all branch locations to ensure no documentation is left exposed to avoid the consequences of non-compliance,” concludes Lorenzi.