POPI Approval Could See Companies in Hot Water Over Ineffective Document Destruction Practices

Following the recent approval of the Protection of Personal Information Bill by the Government’s Justice Committee

September 13, 2012

Following the recent approval of the Protection of Personal Information Bill (POPI) by the Government’s Justice Committee, businesses which fail to implement effective information destruction practices could find themselves in hot water following the introduction of this long awaited information protection legislation.

This is according to Gianmarco Lorenzi, CEO of Cleardata – a group company of JSE listed Metrofile Holdings Limited – who says the POPI stipulates that the destruction or deletion of a record of personal information must be done in a manner that prevents its reconstruction in an intelligible form. Failure to comply with this legislation means a breach of an organisation’s legal obligations.

He says that shredding is still the most effective way for businesses to safeguard against document reconstitution. “Potential consequences of not destroying documents properly include, among others, identity theft, leaking of trade secrets to competitors and employees, legal ramifications and financial losses.”

Lorenzi highlights that non-compliance of rural branches of companies are of particular concern, as the availability of compliant destruction services in these areas is often either lacking or non-existent. “Often companies will implement a records destruction service for their buildings located close to the centre of town or business hubs, but forget about rural branches. Companies need to ensure proper document destruction forms a part of a comprehensive risk management strategy and incorporate all branches to ensure effective risk mitigation and compliance with current and impending data protection legislation.

He says unfortunately, most companies will spend thousands of rands protecting their electronic data through the use of firewalls and high-tech information security, but will let their paper leave the building in the hands of a stranger. “Apart from the legal consequences, it simply makes good business sense to protect your innovative ideas, business plans and budgets from being available to the prying eyes of competitors,” says Lorenzi.

He says data protection risks are faced by all industries, however, financial institutions, medical and insurance companies are most at risk, due the vast amount of personal client information they house.

However, Lorenzi says the majority of large South African companies are starting to realise the importance of responsible disposal of documentation. “This is as a result of pressure from international parent companies, increased awareness of the risks involved in failing to shred documentation properly and the recent ‘green’ movement, focusing not only on reducing carbon emissions, but also on the recycling of paper.

Lorenzi recommends businesses should ensure that they use only reputable document shredding companies that have been certified by the National Association for Information Destruction (www.naidonline.org).