THE FSCA COMPLIES WITH THE PROTECTION OF INFORMATION ACT NO.4 OF 2013

By Boitumelo Manganyi, Communication and Language Services

We live in a digitally led world where the use of and access to information are merely a click away. This also applies to the distribution of and access to personal information. Technology has simplified the processing of personal information in more ways than we could previously imagine.

Personal information refers to information that identifies a person. It is generally provided when one applies for a loan or opens a store or bank account, and usually includes full names, contact details, telephone numbers, biometric information, identity numbers and more.

The ease of access to and distribution of one’s personal information, as well as the recent findings of the Southern African Fraud Prevention Service (SAFPS) in its report on 2020 fraud statistics that the risks of financial and identity fraud for consumers are growing by the day, have made it urgent for all of us to understand the value of our information.

We furthermore need to know how our personal information is used, by whom and why. This understanding protects our private details from being used for sinister reasons.

The establishment of the Protection of Personal Information Act (POPIA) seeks to protect data subjects from security breaches, theft and discrimination, and sets some conditions for responsible parties to comply by lawfully processing and protecting the personal information of data subjects. The Financial Sector Conduct Authority (FSCA) is not exempt and is also required to adhere to the POPIA.

The FSCA deals with a myriad of entities and collects personal information across the financial services industry. Giving effect to the right to privacy requires strict compliance with applicable privacy laws as defined in the Protection of Personal Information Act No 4 of 2013, the purposes of which are to:

  • promote the protection of personal information processed by public and private bodies;
  • introduce certain conditions so as to establish minimum requirements for the processing of personal information;
  • provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000;
  • provide for the issuing of codes of conduct;
  • provide for the rights of persons regarding unsolicited electronic communications and automated decision making;
  • regulate the flow of personal information across the borders of the Republic; and
  • provide for matters connected therewith.

The implementation of the POPI Act has amplified information governance within the FSCA, whose holistic approach will seek to manage information with renewed processes, roles and controls to treat information as a valuable business asset.
This approach comes with a wide range of benefits such as:

  • whoever requires access to certain information can receive it;
  • underlying data is properly managed, stored and secured;
  • regulatory requirements are correctly observed, where necessary; and
  • risk management is in place to minimise any issues that might arise from incorrect use.

Whereas the implementation comes with improved efficiencies in processing and storing data, there are inherent risks that also need mitigating. The FSCA has therefore designed controls that aid in maintaining confidentiality, prevent loss and mitigate unauthorised access and damage to information by unauthorised parties. The FSCA continuously conducts rigorous security vulnerability assessments to reinforce its security posture and provides assurance to internal and external stakeholders.

As required by the Protection of Personal Information Act, the FSCA has established adequate safeguards and controls to protect both its internal and external stakeholders from harm when processing personal information. The most crucial safeguards, which will drive full POPIA compliance by the FSCA, are the laying of a solid foundation internally and the provision of POPIA training initiatives to all staff members, to ensure that they know the importance of protecting, processing and sharing personal information.

What does this mean for financial services providers?

To fulfil one of its tasks of processing applications for the registration of licenses, the FSCA is required to collect personal information from persons or multiple sources. The processing of such information aids in supervising the business conduct of entities that are regulated by the FSCA and makes it easier to identify, and enforce against, any contravention of sector laws by registered entities.

What does this mean for financial customers?


Customers can rest assured that all entities regulated by the FSCA are POPIA compliant. The FSCA will validate every piece of information of all registered entities and provide the correct information to customers so that they can simply verify entities and persons and contact them for their financial needs. The use and accessibility of financial services providers' personal information is to the benefit of customers.

Customers are furthermore encouraged to verify the financial services providers they wish to deal with by ensuring that they are properly licensed and regulated. Customers are also urged to refrain from sharing private information with unregistered and unauthorised entities.

