The influence of the POPI Act on secure destruction

Secure destruction is an effective, easy-to-deploy solution with the power to make your life simpler. Find out more information now!

Secure destruction services in South Africa are booming, with more and more companies of all sizes looking to destroy their data securely. But what lies behind this current trend?

Well, one of the primary drivers making companies more interested in secure destruction is South Africa’s POPI Act, which stands for the Protection of Personal Information Act.

It has had a great deal of publicity and most people are aware of it, but not every business knows what to do about it! And that’s why they come to Crown Records Management for advice.

The POPI Act is all about protecting data, especially personal information, and is based on Europe’s GDPR legislation – but with an African flavour to reflect cultural differences here.

It sets out a strict framework for how data should be collected and stored including, crucially, how long it should be kept.

It means that secure destruction is now boardroom news and rapidly being embraced as an effective solution to a growing business challenge.

The fact that The POPI Act imposes major fines, as high as 10m Rand, or even a jail sentence for breaching the rules, means date protection simply cannot be ignored.

In fact, unlike in Europe where companies alone are held responsible for a breach, an African twist to the regulations means individuals can also be culpable. That is certainly focusing minds across all business sectors!

The importance of keeping personal data safe
The POPI Act is all about protecting personal data and protecting data subjects from harm if their information is not looked after properly – for instance, from theft or discrimination.

One of the biggest focuses is on protecting account numbers and that has been well publicised. So, the most affected industries are financial services, healthcare, and marketing.

There is also a big focus on retention dates. Records of personal information must not be kept any longer than is necessary for achieving the purpose for which the information was collected.

There are some exceptions, for instance when the data is required by law or contract. But it is no longer acceptable to keep personal data longer than is needed.

So, it is particularly important that companies know what is in the boxes they are storing – and when they should be destroyed.

In South Africa, private identifiable information should be secured with a seal and kept for no longer than three months, for instance.

There are exceptions of course.

But as an example, log sheets and IDs, unless they are attached to HR records, must be destroyed after that period. Our experts can provide advice.

You can also ask us about digital secure destruction as businesses begin to store data on servers and hard drives instead of on paper.

For new and prospective clients:

Contact us as soon as possible to discuss your secure destruction needs and find out the options available to you.

If you do not have a retention policy in place already, we can explain how to begin the journey.

A reminder of some of the services we offer, both for current clients who store boxes for us and for new clients who are looking for help with secure destruction:

1. Identifying risk: Understanding where the risk likes in your business is vital, and Crown Records Management has many years of experience in this field. We can work with you to identify and mitigate data risk.
2. Retention policies and reminders: knowing what is in your boxes and how long the contents should be kept is the very basis of a secure destruction programme. Crown Records Management can help clients set up a retention schedule for all boxes and remind them when data is ready for secure destruction. Our system also makes it easy and quick to find individual boxes and locate documents.
3. Physical data secure destruction: documents can be securely destroyed onsite or offsite and we offer a range of destruction methods.
4. Digital data secure destruction: not all data is on paper. Crown Records Management can also securely destroy digital data, for instance on disc or hard drive. We can even destroy hardware, from laptops to printers. Always consider the environment before choosing whether equipment needs to be securely destroyed or whether it can be wiped and then re-used.
5. Fully audited service: a full audit trail is provided to show that your data has been securely destroyed.
6. A secure destruction certificate: a certificate is provided once data has been securely destroyed.
7. Secure destruction bin rotations: a new service designed to make it simpler for clients to look after their data. Use one of our secure, locked bins to store physical data which is due for destruction – and leave it to us to transport it by a trackable vehicle to a secure destruction centre.
8. Environmentally friendly secure destruction: as a business, Crown Records Management is committed to the fight against climate change, and we like to work with clients with the same philosophy – and to help each other become greener. Pulping is an effective method of secure destruction which ensures the original document can no longer be read. But it is also good for the environment because the pulp is recycled to make other paper products.

If you haven’t considered secure destruction yet, this is the right time to act.

Data protection can be a complex issue, especially in the current era in South Africa

But secure destruction is an effective, easy-to-deploy solution with the power to make your life simpler.

Check out Part 1 of our interview with Pieter Nienaber here!