PROTECTION OF PERSONAL INFORMATION POLICY
INTRODUCTION
Econorisk (Pty) Ltd and associated companies are registered financial services providers operating as Brokers underwritten by major South African Insurance Companies.
Econorisk’s Board of directors together with its relevant sub-committees and management are able to provide relevant prudent management and oversight over the activities, procedures and processes of Econorisk, specifically in respect of the application of the eight conditions as set out in chapter 3 of the Protection of Personal Information Act 4 of 2013 (“the Act”).
The purpose of the Act is to:
- give effect to the constitutional right to privacy, by safeguarding personal information when processed by a responsible party (Econorisk), subject to justifiable limitations that are aimed at:
  - balancing the right to privacy against other rights, particularly the right of access to information; and
  - protecting important interests, including the free flow of information within the Republic and across international borders;
- regulate the manner in which personal information may be processed by establishing conditions, in harmony with international standards, that prescribe the minimum threshold requirements for the lawful processing of personal information;
- provide persons with rights and remedies to protect their personal information from processing that is not in accordance with this Act; and
- establish voluntary and compulsory measures, including the establishment of an Information Regulator, to ensure respect for and to promote, enforce and fulfil the rights protected by this Act.
The Board has the ultimate responsibility for overseeing compliance with the Act within the organisation, and the operational and governance structures should therefore facilitate this. Notwithstanding the responsibility of the Board and management, effective compliance with the Act must be filtered through to all levels of the organisation.
POLICY
Our Protection of Personal Information Policy (POPIP) and Manual are based on the relevant sections in the Act, which will ensure the protection of personal information of all stakeholders, i.e. policyholders and employees.
The Board may delegate specific duties to sub-committees, management and/or employees; however, the Board shall remain ultimately responsible for compliance with the Act.
The eight conditions contained in the Act are as follows:
- Accountability;
- Processing limitation;
- Purpose specification;
- Further processing limitation;
- Information quality;
- Openness;
- Security safeguards;
- Data subject participation.
TRAINING AND ONGOING COMPLIANCE
Management must ensure that all staff and representatives are appropriately educated and comprehensively trained on the Act and the obligations in terms of the Act.
As part of our ongoing compliance function, all employees and directors will be provided with copies of the Protection of Personal Information Manual (“POPIM”) as well as annual training as required.
STAKEHOLDER INCLUSIVITY
Econorisk will endeavour to include all stakeholders in its communication and develop processes for transparent sharing of information with stakeholders.
Information regarding the implementation of and compliance with the Act should be provided to management on a regular basis and should be accurate, timely, relevant and consistent. Management will report such information to the Board.
All complaints must be recorded and reported by our Compliance Administrator; these will in turn be analysed and reported to management and the Board.
ESCALATION
Econorisk’s governance framework makes provision for any employee to escalate related concerns or any non-compliance with the Act to management, who may refer the issue to the Board or the relevant sub-committee.