Compliance with data protection legislation has come under the spotlight since the implementation of legislation such as the Consumer Protection Act, the new Companies Act and the coming Protection of Personal Information Bill.
While businesses are working closely with legal teams to ensure compliance they may be forgetting about an often overlooked aspect of their organisation — the rural branch.
This is according to Gianmarco Lorenzi, managing director of Cleardata, a group company of JSE-listed Metrofile Holdings, who highlights the fact that regulatory requirements apply to all areas of a business regardless of their location.
“Businesses have recently come under pressure to ensure their rural or satellite offices conform to national and international data protection standards. These standards require that personal information is not only securely stored and managed, but also properly disposed of in a manner where the information cannot be reconstituted.
“Non-compliance with legislation governing data protection by rural and satellite branches could potentially lead to the downfall of a company.”
Most at risk
Lorenzi says that every company that has access to personal information relating to their employees or clients has a responsibility to dispose of that information in a proper manner.
“Risks are faced by all industries, however financial institutions, medical institutions and insurance companies are faced with an even greater risk due to the vast amount of personal information they have relating to their clients.”
He adds that if documents are not disposed of effectively companies could face legal, reputational and financial consequences.
“Companies can be held liable for identity theft if clients’ information falls into the wrong hands. Casually discarding information shows a callous disregard for customer and shareholder interests.”
Lorenzi explains that rural or satellite branches present a number of challenges regarding compliance with data protection.
“These include, among others, recruitment, outdated infrastructure, lack of official organisational heads, poor staff training, lack of sufficient funding, insufficient levels of security and lack of official compliance officers. These are all possible reasons for poor levels of compliance with data protection standards in rural branches.
“It is advisable to ensure that all organisational branches are reviewed constantly with regards to data protection regulations and necessary steps are taken to ensure adequate levels of compliance.”
Essential practice
Lorenzi says that organisations also need to protect trade secrets from competitors and non-compliance of company procedures is most likely to occur at a rural level. “If confidential information about a new product line or strategic plan is left in an exposed rubbish bin it is vulnerable to the eyes of competitors and companies may find their competitive advantage is lost.”
He adds that, at a rural level, companies need to ensure employees are not stealing confidential company information for their own personal use.
“Countless new businesses are started by employees using information such as client lists, business plans and operating procedures of their past or current employers.”
Lorenzi says that shredding unwanted documentation remains the most effective data destruction method as it ensures that the documentation cannot be reconstituted in any way.
“Employing the services of a reputable data destruction company that is compliant with international standards of data destruction is the most reliable way of ensuring confidential documentation does not fall into the hands of unauthorised parties.
“It is essential for all businesses to protect their information at all transaction points and employ strict governing principals at all branch locations to ensure no documentation is left exposed, to avoid the consequences of non-compliance with data protection legislation and subsequent repercussions,” Lorenzi notes. — I-Net Bridge