According to Gianmarco Lorenzi, CEO of Cleardata, the POPI stipulates that the destruction or deletion of a record of personal information must be done in a manner that prevents its reconstruction in an intelligible form. Failure to comply with this legislation means a breach of an organisation’s legal obligations.
He says that shredding is still the most effective way for businesses to safeguard against document reconstitution. “Potential consequences of not destroying documents properly include, among others, identity theft, leaking of trade secrets to competitors and employees, legal ramifications and financial losses.”
Lorenzi highlights that non-compliance of rural branches of companies are of particular concern, as the availability of compliant destruction services in these areas is often either lacking or non-existent.
He says unfortunately, most companies will spend thousands of rands protecting their electronic data through the use of firewalls and high-tech information security, but will let their paper leave the building in the hands of a stranger. “Apart from the legal consequences, it simply makes good business sense to protect your ideas, business plans and budgets from being available to the prying eyes of competitors,” says Lorenzi.
He says data protection risks are faced by all industries, however, financial institutions, medical and insurance companies are most at risk, due the vast amount of personal client information they house.
However, Lorenzi says the majority of large South African companies are starting to realise the importance of responsible disposal of documentation. “This is as a result of pressure from international parent companies, increased awareness of the risks involved in failing to shred documentation properly and the recent ‘green’ movement, focusing not only on reducing carbon emissions, but also on the recycling of paper.
Lorenzi recommends businesses should ensure that they use only reputable document shredding companies that have been certified by the National Association for Information Destruction [www.naidonline.org].