By Tanya Brand, Head of Legal: Product, Marketing & Communication, Liberty
As a financial adviser, you need to know a great deal about your clients to create financial solutions that fit their needs and aspirations, and the Protection of Personal Information Act (POPIA) makes it your responsibility to safeguard this information.
If you don’t secure client information on your laptop or hard drive (or hard copy) you could be in real trouble, meaning a fine of up to R10 million, or worse, if this information is compromised. While the advisory firm or brokerage may have to foot the bill, it can cost you your job and reputation.
Advisers must be particularly aware of issues around consent. POPIA requires consent from your clients before you process (collect, store, share, etc.) their personal information. But there are also instances where consent may not be necessary, like when you collect information that is required for contractual purposes or is required by law.
The onus is on you as an adviser to know exactly what information is required and what it will be used for. When you provide holistic financial planning advice, for example, the amount of information required is more than when drawing quotes from financial institutions. Your client also needs to understand exactly which information is required, why you need it, how it will be stored, and whether you intend on sharing it with others. POPIA requires you to disclose this information to your client.
Processing a client’s information without their consent, or for purposes other than what you have collected the information for, without the necessary justification, as provided for by POPIA,, would amount to a transgression of the act.
What does POPIA refer to?
The act refers to any client information collected in the past, not just that collected after 1 July, when the act came into effect. It is important to take stock of client information and ensure it is properly labelled and securely stored.
Clients have the right to enquire about their information on your system and how it is stored. They can also request that you delete this information, or object to how it is stored, but advisers have grounds to reject these requests if it’s required by regulation that you keep a record of this information.
This all sounds simple enough if your records are organised and up to date, but it’s easy to lose control of your record-keeping system.
Signs that you may be in trouble
- You don’t know exactly which information you have, and why you may need this information
- There’s no process to update, or delete information
- Consents are not kept in a central place
It is imperative that you implement a system that works for you and your clients. There is no one particular way of doing this, as long as the information is managed and stored in compliance with POPIA.
It comes down to your clients trusting you with their personal information, which, in this age, has value. POPIA is designed to protect us from having our personal details end up in the wrong hands. Rather think of POPIA as a tool for developing trust between you and your clients, rather than seeing it as a bureaucratic nuisance that will complicate business even further.
This article does not constitute tax, legal, financial, regulatory, accounting, technical or other advice. The material has been created for information purposes only and does not contain any personal recommendations. While every care has been taken in preparing this material, no member of Liberty gives any representation, warranty, or undertaking and accepts no responsibility or liability as to the accuracy, or completeness, of the information presented.
Liberty Group Limited is a Licensed Insurer and an Authorised Financial Services Provider (no 2409).