When is POPIA effective from?
Answer: POPIA is effective from 1 July 2021
What is the purpose of POPIA
Answer: The purpose of POPIA is to ensure all South Africans and South African institutions operate in a responsible manner when acquiring, processing (including transferring or sharing) and storing personal information. The legislation holds persons and institutions accountable when information is compromised or used outside the intended purpose.
What does POPIA mean for brokers?
Answer: Any person or institution who has in their possession the personal information of another is responsible for the protection of that information and processing of that information for its intended purpose.
Who does POPIA apply to?
Answer: Natural and Juristic persons (meaning registered companies and organisations); Paper, electronic and voice records.
What is Special Personal Information?
Answer: Not only does Ambeldown handle personal information, but also information POPIA defines as “special personal information”. This includes data of minors, medical information, account numbers, and more. Considered particularly sensitive, additional safeguards are required for the protection and proper use of this information.
What measures have Ambledown put in place to comply with POPIA?
- Our company policies and procedures have been updated to include the POPI Act and its requirements. These policies outline how personal information is secured, recorded, processed, shared, retained, used, and destructed as well as who is entitled to the information.
- All processes were reviewed and updated to comply with the POPIA requirement.
- All administrative forms (including the policy document) have been updated to ensure they include the relevant POPIA declarations.
- All IT security measures were reviewed to ensure all platforms are adequately protected and unauthorised access is prohibited.
- Our administration system was updated to password-protect documents containing personal information. Examples include membership certificates, broker commission statements and provider/member remittance advices. To access these documents the receiver will be required to enter a password as per the instruction in the email.
- For bulk submissions, an SFTP site was created between stakeholders to securely share information.
- If SFTP cannot be used, documents containing personal information, shared via email will always be password protected. No password will be shared in the same or follow up email. A password will be shared via a different platform.
Where the above cannot be followed, the email will be encrypted.
- Documents containing health information will be password protected.
- All call recordings stored on our server are secure and access controlled.
- Training was provided to all staff to ensure they comply with POPIA requirements.
- Various checks are in place to ensure data quality is of a high standard.