As part of our recent secure destruction whitepaper, we sat down with Office/Compliance Manager Pieter Nienaber to discuss all things secure destruction in South Africa! Read more now:
What’s the situation and background in South Africa when it comes to secure destruction?
In South Africa we have a lot of physical documents that need to be destroyed. Many of our customers who have been with us for more than 10 years are waking up to that because of new privacy laws.
These were introduced in the POPI Act, which stands for the Protection of Personal Information Act. It’s very similar to the international data privacy laws in other parts of the world, such as GDPR in Europe, but there are also tweaks to make it more relevant to Africa.
For instance, you can be held responsible as an individual, not just as an organization. So, it’s been defined to fit our own environment here in this region.
Fines for breaching the Act can be as high as 10m Rand – or even a jail sentence in extreme circumstances.
What does the Act focus on?
It’s all about protecting personal data and protecting data subjects from harm if their information is not looked after properly – so for instance, from theft or discrimination.
One of the biggest focuses is on protecting account numbers and that has been well publicized in South Africa. So, the most affected industries are financial services, healthcare, and marketing.
There’s also a big focus on retention dates. Records of personal information must not be kept any longer than is necessary for achieving the purpose for which the information was collected.
There are some exceptions, for instance when the data is required by law or contract. But it is no longer acceptable to keep personal data longer than is needed.
In terms of storage, personal identifiable information needs to be secured by a seal and can only be stored for three months here. Anything which is identifiable information, like log sheets or IDs, unless they are attached to any HR documents, need to be destroyed after that period.
As a result, a lot of clients are thinking much more about their retention policies when to review or destroy documents.
Has it changed the services which Crown Records Management offers?
We are offering destruction processes not only for clients who store boxes with us but for other companies, too. Businesses which don’t work with us right now but want to destroy their documents. It’s still a trackable service with a secure destruction process and a certificate of destruction at the end of it.
What other new services do you offer?
We are also offering bin rotations. We can hire out a secure destruction bin to customers, perhaps for a month or two weeks, and we then charge them per kilogram for the destruction of the company records collected in the bin.
It’s a secure bin and once it is full, it is then transported by a trackable vehicle to our secure destruction centre. A certificate is issued once the information has been securely destroyed.
We don’t see many other records management companies offering this service and it’s a popular one because of its simplicity.
The bottom line is that if businesses have documents which are no longer required but which contain business or private information, they need to be securely destroyed.
What happens to the paper once it has been destroyed?
This is one of the beauties of the service, because the paper is then pulped. This has two benefits. Firstly, it means any information which was on the paper is now destroyed once it leaves the pulping station and cannot be read. Secondly, the pulp is recycled to make other paper products such as toilet paper. So, it’s good for the environment, too.
How important is the secure destruction certificate you offer?
It’s very important because it gives businesses the satisfaction that the documents have definitely been destroyed. It’s good for the auditors, showing that the process is transparent and recorded for auditing purposes.
What is coming over the horizon in terms of secure destruction in South Africa? Will the POPI Act influence any changes?
South Africa is pretty new to this kind of legislation, so we are just getting used to it. But it is certain to become more influential as time moves on.
We also see a movement towards digital data, which has already happened in other areas of the world.
The pressure to look after data is already there because people in South Africa are more aware than before. It’s going to be more and more important that companies who look after personal data have a data privacy policy and a secure destruction program in place, especially the bigger companies and those who want to grow.
“Secure destruction of digital data is relatively new here, but it’s growing, and demand will only increase.”
Pieter Nienaber, Office/Compliance Manager, South Africa
READ THE GLOBAL SECURE DESTRUCTION WHITEPAPER NOW!
Or, find out more about our Secure Destruction services here!
