In order to protect the personal details of South Africans, the Protection of Personal Information Act (POPI) has been implemented. It forces industries to reconsider how they handle client’s personal details.
This is particularly good news for sensitive products, such as insurance. We find out what POPI is all about, and we see how your information will be protected.
What’s the fuss about POPI?
According to Tlalane Ntuli, the COO and co-founder of Yalu South Africa, POPI seeks to regulate the processing of personal information for South African citizens.
“In terms of the Constitution, South Africans have the right to privacy. The POPI Act takes this a step further and regulates this enshrined right in line with the digital age,” says Ntuli.
“POPI was created to ensure that citizens who provide their personal information to companies and other entities are protected, and don’t have their details subjected to instances of abuse,” she adds.
The act has already been implemented, and companies have until 1 July 2021 to become compliant. Once done, clients will have their personal information, such as their phone numbers and ID numbers, protected from being abused by marketing campaigns or having it sold off to the highest bidder.
What does this mean for your insurance?
Ntuli says that the POPI Act ensures that individuals who take out insurance have confidence that the company collecting their personal information won’t misuse it.
“They can rest assured that their personal information will not be processed for purposes that are unrelated to what it was originally intended for; or have it provided to third parties without their consent,” says Ntuli.
“They also have the right to ask which other parties their information will be provided to, and where any additional information that was not provided directly by the customer comes from,” says Ntuli.
“Finally, they have the right to be kept up to date on the purposes of retaining their information other than for the relevant policy documentation,” he adds.
In order to understand how your personal information will be used, it’s useful to understand the standards to which insurance companies will be held accountable.
Chris Ogden, managing director at RubiBlue Information Technology Solutions, outlines the following points that insurance providers will likely consider when working with your personal information:
- If there is a breach, they will have a process in place that they will follow to help protect your information as much as possible.
- If they use a separate provider to store your personal information, they will ensure that they are also POPI compliant.
- If you’d like to find out what information they have on you in their records, they need to be able to provide this to you, via the PAIA Manual and act.
- In terms of the various roles mentioned in the Act (such as personal owner, responsible party, or operator requirements), they will engage their legal resources to review how they fit into the picture and what their specific requirements are.
- In terms of cover, there’s no difference in terms of what they will offer you. It’s just the compliancy of how personal information is handled, responsibly.
- They need to consider whether they own your data or whether the underwriter owns your data. Depending on this answer, they will have different responsibilities.