PoPIA: De-identifying, matching and filing

Issue 3 2021 Editor's Choice, News & Events, Security Services & Risk Management

There are many crucial factors involved in the Protection of Personal Information Act (PoPIA). For compliance, it is imperative for organisations to fully understand all these factors and how they play out in the real world. Three of the crucial areas that must be discussed include de-identifying, information matching programs and filing systems.

De-identifying data refers to when data that could potentially identify someone is hidden or removed. This personal data of a data subject could be identifying either on its own or in combination with other data. Data is considered identifiable of a data subject if it reveals the data subject’s identity directly; if it can be manipulated to identify the data subject indirectly; or if it can be linked to other data which would in turn identify the data subject.

“Essentially, the de-identifying of the data is a cornerstone of PoPIA. This act is directly purposed to protect personal information. Therefore, it is imperative that organisations are aware of identifying data and that they take the necessary steps to make that data anonymous by hiding or removing it,” explains Carrie Peter, Solution Owner at Impression Signatures.

When organisations are working with data that is essential to provide the necessary service or business operation, any identifying data that is not required must be de-identified – and the data set must be completely de-identified before it is shared. “An example of this is an online order. Initially the customer’s name and address may be required for delivery, however, once the delivery has been made that identifying data is not required for stocktake records. The data should therefore be de-identified before sharing the stock numbers,” continues Peter.

Another key area of compliance is related to the use of an information matching program. This programme is designed to collect, compare, clean and organise sets of information. Two sets of information are matched and compared. This comparison can be done either manually or digitally and includes documents that hold personal information about 10 or more data subjects.

Carrie Peter.

“When utilising these programs, it is imperative that consent is obtained for any and all information utilised and stored by an organisation. This consent needed extends to older data sets that are stored within the organisations’ filing systems and so on. This means that organisations need to track down, match, clean and sanitise their historical data sets to ensure that the data is consolidated and secured. Consent for new and historical data must be explicitly secured for each piece of data, for the exact reason that data is required,” adds Peter.

The third crucial area to be addressed is that of filing systems. Filing systems refer to any set of personal data records stored by an organisation. These records could be manually stored in a filing cabinet, or digitally stored, centralised, decentralised, or dispersed on a functional or geographical basis. This data can be accessed with specific search criteria, such as being searched alphabetically. For compliance, these records must be safely secured to avoid them being lost, stolen or misused. This can be achieved through restricting access to digital storage using a filing cabinet that can be locked. Access to these records should only be granted to those who have obtained the necessary consent from the data subject(s).

“All three of these areas are crucial when it comes to compliance to PoPIA. Once understood, compliance in these areas is easily managed,” concludes Peter.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

SMART Estate Security returns to KZN
Nemtek Electric Fencing Products Technews Publishing Axis Communications SA OneSpace Editor's Choice News & Events Integrated Solutions IoT & Automation
The second SMART Estate Security Conference of 2024 was held in May in KwaZulu-Natal at the Mount Edgecombe Estate Conference Centre, which is located on the Estate’s pristine golf course.

Using KPIs to measure smart city progress
Axis Communications SA Residential Estate (Industry) Integrated Solutions Security Services & Risk Management
United 4 Smart Sustainable Cities is a United Nations Initiative that encourages the use of information and communication technology (including security technology) to support a smooth transition to smart cities.

Enhancing estate security, the five-layer approach
Fang Fences & Guards Residential Estate (Industry) Integrated Solutions Security Services & Risk Management
Residential estates are designed to provide a serene and secure living environment enclosed within gated communities, offering residents peace of mind and an elevated standard of living.

Creating employment through entrepreneurship
Technews Publishing Marathon Consulting Editor's Choice Integrated Solutions Residential Estate (Industry)
Eduardo Takacs’s journey is a testament to bona fide entrepreneurial resilience, making him stand out in a country desperate for resilient businesses in the small and medium enterprise space that can create employment opportunities.

Trend Micro launches first security solutions for consumer AI PCs
Information Security News & Events
Trend Micro unveiled its first consumer security solutions tailored to safeguard against emerging threats in the era of AI PCs. Trend will bring these advanced capabilities to consumers in late 2024.

Dallmeier receives ISO 27001 certification
Dallmeier Electronic Southern Africa Surveillance News & Events
Dallmeier has received ISO 27001 certification for its Information Security Management System (ISMS). The international standard for information security management ensures that companies meet the highest standards of data protection and data security.

2024 Southern Africa OSPAs winners announced
Editor's Choice
The 2024 Southern Africa Outstanding Security Performance Awards (OSPAs) winners were revealed on Tuesday, June 11th, at the Securex South Africa Seminar Theatre hosted by SMART Security Solutions.

Resident management app shows significant growth
Editor's Choice
My Estate Life is a mobile app for residents and managers in housing estates and buildings. Its core aim is to be an easy gateway for residents to manage visitors and staff, and to communicate and administer general property in a simple interface.

Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.