Dear Valued Stakeholder,
In preparation for the impending commencement of the Protection of Personal Information Act 4 of 2013, we have partnered with Michalsons, a leading South African law firm specialising in Privacy and Data Protection.
Below are some of the initiatives that our business is implementing in order to ensure compliance with the POPI Act.
- Protocols around data/information exchange – we will be implementing password protection and encryption. We will also start using an SFTP site as our exclusive channel for all exchanges of personal information and data spec sharing.
- Requirement for consent – we will be updating our forms/documents/disclosures to include a POPIA statement, and our privacy policy can be found on our website and linked in all documentation. We have developed a third-party consent form for any other instance where consent is required or becomes applicable. We refer to the below clause in the Act:
Consent, justification and objection
11. (1) Personal information may only be processed if….
(a) the data subject or a competent person where the data subject is a child consents to the processing;
(b) processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party;
(c) processing complies with an obligation imposed by law on the responsible party;
(d) processing protects a legitimate interest of the data subject;
(e) processing is necessary for the proper performance of a public law duty by a public body; or
(f) processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied.
- Keeping up-to-date records – as the responsible party we will be looking at effective, efficient and responsible ways to continuously improve the accuracy of our data.
- Communication regarding changes to processes and protocols – once we have completed all updates, we will communicate to Clients, Intermediaries and Policyholders on any applicable enhancements. We plan to communicate via email, SMS and through our website.
- Strict verification processes – our processes within the service centres have been enhanced and we are focusing on stricter, more accurate and streamlined access control and system roles, ensuring that only the roles that need access to certain information are able to view or edit it as part of performing their duties.
- The below listed internal policies are in review and enhancements will be made where appropriate:
  - IT Security
  - Incident Response
  - Non-Disclosure
  - Data Processing
  - Cookie and Pop-up policy
  - PAIA manual
- A POPIA clause is being drafted which will be added to Service provider agreements.
- As a control measure we will be conducting regular testing of data security status.