ATG Digital – POPIA Ready!
Data Protection has become a hot topic recently, while South Africans wait with baited breath for the Protection of Personal Information Act (POPIA) to become fully enacted. For organizations, the enactment will mean a fair amount of time, money and effort to become aligned with the legislation. For data subjects like you and me, the enactment will hopefully bring some piece of mind that our personal information is being adequately safeguarded.
The principles set out in POPIA are the very reason we exist: ATG DIGITAL was born out of the need for better quality information and better security of information required by security at entry points. The archaic books previously used by most entry points, and still used by some, meant that every piece of information was visible not only to the security personnel but also to every other person entering the premises as well as potential data thieves.
Digital scanning removes the possibility that guards, visitors or criminals could easily view the information, but the public should still be wary of the devices used to scan their information as poor systems or unscrupulous organizations could still mean your information is at risk.
The following criterion should be met before you allow a guard to scan or manually input your information into a device:
The data is encrypted and stored in the cloud and NOT on the device – data stored on the device is no more secure than it would be in a book
The company operating the scanners has already met the requirements set out in POPIA, regardless of the fact that it is not yet fully enacted. They should be willing and able to share their data protection policies and procedures with you upon request.
ATG DIGITAL takes the protection of personal data very seriously and has recently completed a comprehensive data protection program in order to align with the International GDPR legislation which is already in effect, as well as pre-emptively aligning with the South African POPI Act.
Under POPIA and GDPR, ATG is considered an OPERATOR as it facilitates the collection of information from the data subject at sites owned/rented/managed/secured by our clients. Our client, as the defined Responsible Party, is the sole owner of the information collected via ATG Devices and will have additional Privacy Policies in place to safeguard this information and the way they use/access it.
ATG devices capture information by scanning your documents, or via manual input, and could include personal information such as: name, identification number, contact information and vehicle information such as vehicle make and model, registration number and VIN number.
The level of detail required is determined by our client and information is collected for the purpose of:
Site Management and Safety: for example, knowing how many people and vehicles are on site is essential in case of emergency evacuation
Security: as well as the acting as a deterrent to the criminal element, in the case of criminal activity occurring an accurate record of who was on site can be easily accessed
How does ATG store and protect your information?
1. All information scanned by our devices is encrypted and immediately uploaded to secure cloud storage. The information cannot be viewed or retrieved on the device thereafter.
2. The information that has been captured can only be accessed by:
Authorized personnel of the responsible party for their purposes
Authorized personnel of ATG at the request of the responsible party; by an officer of the law; or by the data subject in accordance with the Act.
3. In order to ensure the safety of all the information that we gather on behalf of responsible parties:
Passwords are required by both the responsible party, as well as by all duly authorized ATG personnel.
All staff are carefully screened before employment and sign a Non-Disclosure Agreement as part of their employment contract.
Access to customer data is monitored via software installed on personnel PC’s and any suspicious activity is flagged and immediately actioned.
4. Information is subject to no further processing by ATG: we are morally, contractually and legally bound not to access any data for our own purposes, nor to share data with any third party. Third parties include but are not limited to marketing agencies and their affiliates; other clients; employees; the general public
5. ATG will retain your personal data for no longer than it is authorized by POPIA.
If you have any questions regarding ATG’s Data Privacy Policies or Procedures please feel free to get in touch with us
010 500 8611