Protection of Personal Information Act
From The Pastel Help Desk regarding the POPI Act
What is POPI?
The Protection of Personal Information Act (POPI) was signed into law on 26 November 2013. POPI essentially regulates how anyone who utilises personal information must handle, keep and secure that information. Once the final components of the new law are enacted, companies will have 12 months to comply.
Why the stringent new security measures in Partner/Xpress?
The recently promulgated POPI Act imposes certain requirements on institutions that collect, process, store or share another entity’s personal information. We have upgraded the security features within the Pastel Partner and Xpress ranges to assist users of our software with their compliance with the POPI Act.
Amongst other requirements, POPI specifies that information must be secured in line with the latest industry standards, and as such the following have been incorporated into the Pastel Partner and Xpress applications:
- Forced password creation
- Strong passwords
- Optional password creation on backups
What information does POPI relate to?
POPI is designed to prevent the negligent disclosure of personal information. The definition of personal information in terms of the act is very broad – ranging from identity and address information to financial history, affiliations and preferences.
What are a company’s obligations?
Not only will organisations be responsible for ensuring that all information is current but they will also have a responsibility to take reasonable security measures in line with the most recent industry standards to secure the data. Non-compliance with the act could expose an organisation or individual to a penalty or even jail time.
Can I turn these security features off?
Making the use of these security features optional will result in clients’ data becoming exposed, even if this is done unintentionally. In order to enforce security, these options cannot be turned off.
How do I manage passwords for a large number of data sets?
There are many password management tools available which allow you to easily maintain various passwords. Look at KeePass (http://keepass.info/) as an example.
What other steps can I take to secure my data?
Your IT professional will be the best person to advise you on the right solution for your business; however, some of the points you could look at are:
- Make use of hard drive encryption tools.
- Ensure that you use strong passwords which expire after a certain timeframe and apply these at both local machine and server level.
- In a network environment, ensure that you secure your Wi-Fi connections with a password.
- Use authenticated sharing to protect sensitive information.
- Lock down rights at both user and machine level.
- Don’t leave machines unattended and unlocked.
- Use laptop locks or similar for portable devices.
- Require employees and service providers to sign non-disclosure agreements.
- Ensure you install anti-malware software to protect your system from adware, viruses or similar malicious software.
- Deploy firewalls to protect your local systems from the internet.
We trust that you will see the benefit in these changes.
The Sage Pastel Team