Managing Data Privacy in your Organisation – Where to Start
As more data breaches make headlines, data privacy comes under the spotlight.
How do organisations better manage data privacy? South Africa has had its fair share of data breaches. Additionally, the upcoming implementation of the Protection of Personal Information Act, or PoPI Act for short, will soon have a large impact on how you manage documents and data that contains personally identifiable information.
In light of the above, it behoves you as a company executive, or Records Manager, to take a closer look at how you handle and manage data that contains personally identifiable information.
In many cases, you might feel that turning this hat over to your lawyers is enough, but is it?
While your legal experts may know all the legal aspects of data privacy and compliance procedures, they probably do not know much about the inner workings of your organisation and the records management procedures that control the flow of information throughout your departments.
Data Privacy – Be a part of the conversation
Thus, as a company executive, and especially as a Records Manager, it is important to be a part of the process of ensuring data privacy while apprising your legal team of the daily realities of your organisation’s information governance.
As a Records Manager, you will understand the need for, and the immense task of managing your company’s records. Not communicating with your legal team about your organisation’s data management needs is asking for complications that you just don’t need. With no knowledge of your records management process, your lawyers may implement controls that make proper records management difficult or damage efficiency.
Proper two-way communication will not only make your life easier, but it may help your legal team to implement better and safer processes for data privacy. By aligning your efforts, you will create a better environment for a win-win situation.
There is more to Data Privacy than just Digital Documents
Traditionally, we associate data privacy with electronic data, which can be accessed by hackers. While much of your organisation’s data is in electronic format today, you cannot forget about, and sideline, the paper records of your organisation.
While paper records cannot be stolen in the same sort of volumes as electronic data, they are nonetheless vulnerable to theft and destruction, more so if they are neglected and not given the priority, which they deserve. A single paper document stolen can be just as destructive to your organisation as stolen electronic data if it records the right, or perhaps wrong information.
Thus, it is clear that data privacy is not solely in the realm of your legal team but very much a part of the Record Manager’s area of operation. By working together, both parties can ensure an excellent level of security, and once the PoPI Act comes into effect, an acceptable, if not stellar level of compliance with legislation.
Iron Mountain, as an expert Records Management company has many years dealing with both sensitive records and the regulations that govern them. We offer a wide range of customisable solutions that cover both the preservation of and the security of your organisation’s records. For more information on these solutions take a look at our Products & Services page or contact us today.
Image Credit: Copyright: silentgunman / 123RF Stock Photo