Protection of personal information policies, procedures and practices should regulate the way in which employees (and maybe operators) process personal information with the aim of protecting it. The policy must dovetail with your organisation’s other policies and policy framework. Often a POPI or Data Protection Policy is part of an Acceptable Use of IT Policy or the issues are covered in other policies.
The target audience should be all employees who process personal information, but especially managers. And maybe operators.
Why are they important?
It is an important part of complying with data protection law. If the Information Regulator decides to fine you, it must consider whether you failed to operate good protection of personal information policies, procedures and practices. The fine could be up to R10 million. If you want to reduce a possible fine you might get, you need to operate good protection of personal information policies, procedures and practices.
How we can help you?
- Put a POPI Policy or Data Protection Policy in place by asking us to draft one for you. It must fit in with the rest of your organisation’s other policies and policy framework.
- Update your organisation’s existing policies to deal with data protection by asking us to review and add to your existing policies. Sometimes this can be easier than trying to draft a new one.
- Check whether your existing policies are up-to-date and in line with latest trends by asking us to do a high-level review of one or many.
What should be in a Data Protection Policy?
The often have some general procedures. And then deal with some specific areas, like:
- Paper records
- Retaining personal information
- Email and personal productivity software
- Remote access
- Laptops and other mobile storage devices (incl. Mobile Phones, PDAs, USB memory sticks, External Hard Drives, etc.)
- Using wireless networks
- Data transfers and encryption
- Posting of paper documents
- Appropriate access and audit trail monitoring
- Disposal of paper and media
- Incident response
Characteristics of good policies
They should be:
- short and to the point
- in plain and understandable language
- well structured
- in accordance with and in line with the latest laws and rules
- clear on what is permitted and what is not
- specific, relevant and applicable to the target audience