POPIA
DIY

WEEK 1:
Demystifying personal information

This week we will look at:

  • what personal information is
  • what data subjects are
  • why privacy matters
  • privacy awareness in your business

Personal information (PI) means information relating to an identifiable, living individual or an existing business (‘juristic person’). This includes the information you may have about your customers, your employees, service providers, and members of the public. We call these people and businesses DATA SUBJECTS.

Here are some examples:

  • Identifiers such as: a name, identity number, staff number, account number, customer number, company registration number, tax number, photos and videos, or any other ‘assignment’ to the person used to identify him or her.
  • Demographic information such as: race, gender, sex, pregnancy, marital status, national or ethnic or social origin, colour, sexual orientation, age, physical or mental health or well-being, disability, religion, conscience, belief, culture, language, and birth.
  • Contact details such as: physical and postal addresses, email addresses, telephone numbers, online identifiers (e.g. a person’s Twitter handle), and location information.
  • Financial information such as: bank and other account numbers, bank statements, salary information, and financial statements.
  • Usernames and passwords.
  • Background information such as: education, financial, employment, medical, criminal, or credit history.
  • Biometric information: this refers to techniques of identification that are based on physical, physiological, or behavioural characterisation such as blood typing, fingerprinting, DNA analysis, retinal scanning, and voice recognition.
  • A person’s opinions, views, and preferences.
  • Private or confidential correspondence and any further correspondence that would reveal the contents of the original correspondence.
  • Views or opinions about a person (such as interview notes and trade references).

We’ve included a poster that you can use as reference.

People care about how their PI is treated – just think about how you feel when you are completing a form that asks for your PI. But why should your business care about the PI of your staff and customers?

#1 Personal information and trust are assets
There is value in having high-quality PI (which is one of the requirements of POPIA compliance) that is kept secure (another requirement).

#2 Keep your reputation intact
Privacy has become increasingly important to consumers as the internet is playing a central role in how consumers interact and transact with each other and with organisations. Privacy breaches not only result in a loss of profit, but also affect consumers’ trust in an organisation.

#3 When it is done right, POPIA compliance saves you money
Implementing the POPIA principles in your organisation should lead to a reduction in operational costs.

#4 Legal compliance
Compliance reduces the risks of restrictions on processing activities, fines, and lawsuits. POPIA established a new Information Regulator, which has wide-ranging powers to prohibit the processing of PI that it deems unlawful.

We have a responsibility to protect the PI of our customers, employees, and service providers. We must consider it in each small task we perform: when a customer completes a form, when we make a sale, speak on the phone, or send an email.

We need to be mindful of how we treat PI and not unwittingly share it with the wrong people, or lose it. Creating awareness in your business about the basic principles of good information governance is the first and most important step towards taking care of PI.

This week your task is to introduce the concept of privacy in your business and raise awareness about the need to protect the PI of your customers, employees, and service providers.

Here are a few tools you can use to create awareness in your business:

  • Send this email to your employees and set aside time for everyone to talk about the concept of privacy. Ask everyone to think about the actions they take and processes they follow each day that involve PI.
  • Put this poster up in your back office or administration area to use as reference.

As we work through this 10-week programme, keep the conversation going and involve everyone in finding the best solution for your business.

We’ve included a workbook that you’re going to use during this programme. We’ll start working on it next week. In the meantime, save it somewhere safe.

In your workbook, you can record any risks you identify in your processes, as well as risks relating to information governance in your business. You’ll be making a list and doing a risk review using the Risks Master tab.

We’ve included examples and guidance throughout the workbook to help you.

Remember that you have a free one-hour consultation included with this programme!
Use it, and contact us if you have any questions about this week’s topic.