SA banks urged to take precautions with clients' personal information

While head office may already be working closely with legal teams to ensure compliance, they may be forgetting about an often overlooked aspect of the organisation: its network of branches across the county. It is imperative to ensure that regulatory requirements extend to all areas of the organisation, regardless of their location, as non-compliance with legislation governing data protection branches could potentially lead to the downfall of the organisation.

The POPI standards require that personal information is not only securely stored and managed, but also properly disposed of in a manner where the information cannot be reconstituted. Every company that has access to personal information relating to their employees or clients has a responsibility to dispose of that information in a proper manner. Risks are faced by all industries; however financial institutions, such as the banks, are faced with an even greater risk due the vast amount of personal information they have relating to their clients.

Legal, reputational and financial consequences

If documents are not disposed of effectively, the organisation could face legal, reputational and financial consequences. Companies can be held liable for identity theft if a client's information falls into the wrong hands. Casually discarding information shows a callous disregard for customer and shareholder interests.

It is advisable to ensure that all organisational branches are reviewed constantly with regards to data protection regulations and necessary steps are taken to ensure adequate levels of compliance.

Besides compliance with information protection legislation, organisations also need to protect company trade secrets from competitors. If confidential information about a new product line or strategic plan is left lying in an exposed rubbish bin it is vulnerable to the eyes of competitors and companies may find their competitive advantage is lost.

Shredding unwanted documentation remains the most effective data destruction method as it ensures that the documentation cannot be reconstituted in any way. Employing the services of a reputable data destruction company that is compliant with international standards of data destruction is the most reliable way of ensuring that confidential documentation does not fall into the hands of unauthorised parties.

In light of the impending POPI coming into law, is essential for all businesses to protect their information at all transaction points and employ strict governing principals at all branch locations to ensure that no documentation is left exposed to avoid the consequences of non-compliance.