The Protection of Personal Information (PoPI) Act is a fast encroaching reality for South Africa and many organisations are now facing the mammoth task of ensuring they comply with this regulation.
PoPI essentially regulates how organisations store their customers’ and employees’ personal information, and what they may do with that data. It also gives a measure of control back to the customer. They now have a say in what is done with their personal information, and a right to know at any time where their information is, and how many copies there are. PoPI is forcing businesses to take utmost care of their customers’ and employees’ data – something which any well-run organisation should be doing already.
Despite the challenges that go hand-in-hand with PoPI compliance, there are several positives too. Businesses are being pressed into properly managing, storing and sorting their information. In addition, those which do not already have suitable data management systems in place are having to re-look at their data management strategy. While this is a pain point for many organisations who are starting the process of drawing up and implementing a data management strategy from scratch, once the process is complete, there are multiple rewards to be had for the business.
The PoPI impact
Any well-run and conscionable organisation should already have policies in place to protect and manage their customers’ information. With the primary goal of mitigating instances of fraud and the like, organisations that handle sensitive data, such as financial information or credit data, should already be ahead of the curve. However, even these organisations may not be PoPI compliant and will still need to review their data management strategy and policies in order to become so.
One of the key points of PoPI is the need for businesses to store and access a single copy of customer data. Many organisations have multiple copies of customer data stored in various locations across the business, for access by various departments. While this has worked up until now, businesses are needing to centralise their data and ensure they keep one, current copy of customer information to hand.
Another component that companies should consider is the storage of backup data. Data is typically stored across two locations: the production site, and the secondary, or disaster recovery (DR) site. With customers now having the right to request that their data be deleted, it can be a challenge for companies to ensure that they are able to delete both original copies and backup copies.
Essentially, removing data from the production site is relatively simple, even if there are multiple copies, however it can be tricky to do so from a backup site, particularly if the data is untagged and not indexed. Filtering the data to make sure all copies are deleted can be a tedious and drawn out process, which can anger the customer and cause unnecessary delays for compliancy.
Though these changes may seem daunting, they also provide a host of benefits to the company, helping to streamline many business functions and processes.
The PoPI benefits
PoPI gives businesses the push they need to centralise their data management system, and effect a proper data management strategy if they do not already have one. For example, a centralised system which combines primary and backup data, in an open standard and readable format. That is tagged and indexed for easy referencing, can mitigate problems like deletion of customer information from a backup site.
Centralised systems offer a host of other benefits that can not only ensure compliance, however, also add value to the organisation. Businesses can run a host of back-end services on their data management platform, such as analytics which can give valuable insight into their customer base. In turn, this insight can aid the business with decision making and customising their products and service offering to suit their customers’ demands. Up to date customer information can also be mined for upsell and cross sell opportunities.
The quality of data is also important, and not all data is created equal. A centralised, PoPI compliant system with proper checks in place can ensure that data is correctly captured and that it is beneficial to the organisation. This aids in customer service management, as the company has all the correct and important data at their fingertips. In addition, a sophisticated data management systems would also be able to analyse data and determine its value to the business, identifying what to keep and what can be overwritten. This translates into cost savings as businesses don’t need to purchase unnecessary storage space for unneeded data.
The PoPI way forward
Businesses should start engaging with a data management and storage service provider in order to achieve improved data management, data quality and data governance. In turn, this underlines the company’s compliance with acts such as PoPI.
Centralised platforms help organisations to know what unstructured data they have, and therefore meet PoPI obligations and prove compliance to regulators. This is achieved by integrated backup, recovery and archiving in a way that creates a single searchable pool of the organisation’s high value unstructured information. In essence, it provides a solid foundation for information governance, gives the visibility and control needed to meet a variety of PoPI obligations, while continuing to deliver added value to the business.
By: Mike Rees, Territory Account Manager for South Africa at Commvault