Processes & Background;
Much time and effort has been spent to ensure that Save Easy (Pty) Ltd adheres to all the rules and regulations as expressed in the POPI Act. Measures have been put in place to ensure that all information is stored in the most secure environment available and at the same time safeguarding all the information.
Save Easy (Pty) Ltd has partnered with Laserfiche and Afrihost. Laserfiche is a world leader in ECM, BPM and document management solutions. Since 1987, more than 32 000 organisations worldwide have adopted Laserfiche. This currently includes federal, state and local government departments in the USA. There are also various Fortune 1000 companies across the globe making use of the Laserfiche solution.
The Laserfiche ECM system provides Save Easy (Pty) Ltd central control over its information infrastructure, including standards, security and auditing. It offers complete flexibility and allows immediate adaptation to changing needs. Laserfiche suite has been built on top of Microsoft technologies, which allows seamless integration with Microsoft Office.
Afrihost was established in 2000 and is also following international trends by offering world class cloud hosting services, using the latest VMWare technology and their cloud server environments are hosted at state of the art data centres, with the very latest redundancies and security measures in place to safeguard your content
Lawful Processing of Personal Information:
The purpose of the act is to:
- Protect the constitutional right to privacy, by safeguarding personal information when processed by a responsible party, subject to justifiable limitations by balancing other rights such as Access to Information, protection of interests in South Africa and across international borders;
- Regulate the processing of information, provide persons with rights and remedies to protect their information.
The Protection of Personal Information (POPI) Act
The POPI Act has been promulgated but not enacted. It will be introduced to ensure that all South African institutions adhere to a very strict set of rules. The Act relates to the storage, collection, processing and sharing of personal information of a person or legal entity. If the information is not dealt with according to the rules, such an institution can be held accountable for the misuse or lack of protection of the information.
POPI will be introduced to provide protection of all your personal information and the management of the information:
- “Consent” means a voluntary, specific and informed expression of your will to give permission for the processing of your personal information;
- “Data subject” means the person to who the personal information relates;
- “De-identify” Is the personal information relating to the person, means the deletion of personal information related to identification, information that can be manipulated and linked to the data subject;
- “Filing system” means a structured set of personal information, which can be centralized, de-centralised either locally or internationally that can be accessed in a specific way;
- “Person” means a natural person or juristic person;
- “Operator” means a person who processes personal information for a responsible party in terms of a contract or mandate without coming under direct authority of that party;
- “Personal information” there are 8 different categories listed and to name a few: information related to race, gender, marital status, education, ID number, contact details, etc. (The copy of the POPI Act can be accessed here)
- “Processing” means any operation or activity of personal information including the collection, receipt, recording, storage, updating or modification, retrieval, alteration and consultation. This also includes transmission, making available, merging, restriction and destruction of information;
- “Record” means any recorded information regardless of form and can include written material, recorded information, computer equipment, and any other relevant recorded device or medium;
- “Re-identify” in relation to personal information of a data subject that could be manipulated, identify the person or utilized or made available to any other party for personal gain or use;
- “Responsible party” means a public or private body or any other person either alone or in conjunction with others to determine the purpose and means for processing personal information;
- “Restriction” means to protect and restrict the information, but not to destroy or delete the information;
- “Unique identifier” means any identifier assigned to a data subject and used by a responsible party for the operations of such a responsible party and that identifies the data subject in relation to the responsible party.