Document Shredding Services and the PoPI Act
Why proper document shredding services will become even more important to your business.
While the Protection of Personal Information or PoPI Act has not yet come into force, it will inevitably have an impact on how companies, big and small, their staff, and service providers handle the retention and destruction of records and documents through document shredding services.
Protection comes with Responsibility
The PoPI Act seeks to provide protection and create responsibility when it comes to personally identifiable information. Both individuals and companies can benefit as both are protected by the act.
At the same time, both individuals and companies who collect and process personally identifiable information will be required to comply with the eight principles of information processing, and so are made responsible for how information is collected and processed.
Naturally, the provisions of the PoPI Act will affect the retention of information and the manner of its destruction. Document shredding services have, for some time, played an important role in the records management policy of many companies, and are now set to play an even more important role as the PoPI Act will apply to companies of all sizes.
Evidence of Destruction
While the Act does not require proof of destruction of records, it does require that the manner of destruction prevents the reconstruction of such records into an intelligible form.
This means that while companies may still legally utilise their own paper shredders, large or small, they will not have the protection of a Certificate of Destruction that is issued by all legitimate document shredding service providers once your records have been destroyed.
Were a dispute to arise that questioned a company’s claim that records were properly disposed of, there would be no evidence of such disposal. These companies might then find themselves not only facing prosecution due to non-compliance with the PoPI Act but also open to civil claims.
The PoPI Act has Teeth
The Act itself has largely been well received as it has been well crafted and goes a long way to protecting your personal information. The fact is companies, no matter their size, have to comply with the provisions of the PoPI Act and those that do not will find themselves on the wrong side of the law.
Consider for a moment this scenario:
A spammer sends out an email to 20 000 people, and more than a few of the recipients lay complaints. An investigation is undertaken (there will in the future be an Information Regulator who will deal with complaints), and it is found that the email list originated from your company.
You insist that the mailing list was destroyed but since you used your own unsecured shredder, you have no proof of destruction. According to the PoPI Act, you are still responsible and thus you are subject to the penalties.
The penalties include possible imprisonment as well as fines up to R 10 million for non-compliance.
How long do you have to improve your document destruction process?
The PoPI Act was signed into law in 2013 but has not yet come into force. Even so, many large companies are already updating the way they collect, process, store, and ultimately destroy personally identifiable information. Once the Act takes effect, your business will have 1 year to make the necessary changes to its records management policies.
Iron Mountain’s document shredding services aim to assist companies of all sizes to comply with the PoPI Act. We offer secure document shredding solutions that are not only affordable but will give you peace of mind, as you will have one less compliance issue to worry about.