In 2014, 974 million company records were lost or stolen in South Africa alone – which is 31 records every second. The Protection of Personal Information Act (POPI) aims to protect companies and consumers from the dangers associated with personal information falling into the wrong hands as a result of such data breaches, and businesses that handle personal information must do so in accordance with the Act and its eight conditions for lawful processing. With more than a third of South Africa’s companies experiencing data breaches, it’s clear there is an immediate and pressing need for organisations to get to grips with POPI and the implications of falling short of the requirements of the Act – which soon will be gazetted.
With many of the Act’s provisions already in effect, Camargue has launched a new electronic guide to POPI – Protection of Personal Information Made Easy – reinforcing its proactive thought leadership approach to its classes of insurance. This initiative was commissioned from POPI expert Kirsty Melville-Nieman, a passionate consumer rights activist and journalist known for her Consumer Protection Act Made Easy guide. The eBook is available free to brokers and their clients, and can be downloaded from the Group’s website.
POPI seeks to regulate the processing of personal information, from its collection to its destruction and everything in between, such as storage and safeguarding. According to Camargue managing director Mitch Marescia, the legislation will significantly affect insurers, insurance brokers, and loss adjusters. “The impact of this legislation is far-reaching and familiarity with POPI is fundamental to delivering a professional insurance service and the industry must make a resolute effort to upskill on the matter. Knowledge is power!”
The new book’s eight chapters cover a vast array of topics associated with POPI, including legal definitions, dealing with data leaks, processing personal information and children, direct marketing, and the penalties for non-compliance, to name but a few. Marescia says it’s practical, easy to digest, and cover to cover – an instructive and illuminating read.
“The penalties for non-compliance with POPI include fines of up to R10 million or imprisonment depending on the offence; prison sentences vary and are under 12 months for lesser offences and up to 10 years for gross offences. POPI is not to be taken lightly. Ignorance will not cut it when it comes to defending negligence,” says Marescia. “And with DDoS attacks and ransomware continuing to spread and infect devices around the globe – it’s clear that criminals will keep reinventing and do whatever they can to exploit vulnerabilities and find new ways to attack, breach and steal.”
Data breaches risk exposing consumers’ personal information and opening them up to identity theft and fraud, which was what led to the Target CEO’s resignation in December 2013 after the company announced that 110 million customers’ personal information had been breached. More than 40 million customers had their encrypted PIN numbers, credit card and debit card numbers, card expiration dates, as well as the embedded code on the magnetic strip stolen. A further 70 million customers’ personal information, which included names, addresses, email addresses and phone numbers, was also compromised.
In another instance, despite nearly 60 000 security alerts being set off in the four-month period between July and October 2013, luxury department store Neiman Marcus only discovered the data breaches in January 2014. The retailer was in compliance with standards meant to protect transaction data when the attack occurred, but 350 000 customers’ credit card information was stolen and, of these, 9200 have been used fraudulently since the attack [as of May 2014].
Another high-profile case reported extensively was when up to 145 million eBay customers potentially had their personal information leaked – as admitted by the company in May last year. While email addresses, phone numbers and other details were hacked, eBay insists that there is no evidence that financial data was compromised.
Marescia says that these examples of cybercrime serve to demonstrate just how at risk of data breaches companies have become as a result of online predators and hacking in recent years, and confirm the massive scale on which they can occur. “Cybercrime is a new kind of terrorism – a form of warfare. This is not something that’s going to go away; it must be managed.”
Marescia concludes that many small and medium-sized businesses underestimate the threat online fraud poses to their profitability, cash flow and reputation. “Just because it can’t be seen doesn’t mean it’s any less real and companies big and small must take measures to manage, mitigate and migrate their risks.”
Protection of Personal Information Made Easy should not be seen as a substitute for legal advice – which should be secured in consultation with a qualified lawyer. Download a copy of Camargue’s free eBook: http://bit.ly/1fwiVi2