Since Covid-19 hit our shores in early 2020, it brought a sea of data breaches, one crashing wave after another. From Experian to Lightstone and now TransUnion, personal data is under siege from all sides.
What can your business do to protect visitors’ information? ATG Digital gives insight into the triad of visitor data protection.
“When people do business with your company, they trust you with their information,” says ATG’s Ariel Flax. “Your responsibility for their privacy should extend to anyone who submits their personal information when they check in at the gate or reception.”
According to Flax, visitor data can be targeted by criminals or competitors. Good privacy practices aren’t just a courtesy but a legal requirement since POPIA came into effect in July last year.
Rule 1: Only collect what you need
Collecting critical data only at check-in saves visitors time and mitigates risks. “Your guests love the swift experience and feel safer on your premises,” says Flax. Visitors immediately get annoyed when they have to answer too many questions.
As per POPI Act regulations, Flax advises businesses to only collect what is necessary for the purpose of access control security on-site.
Rule 2: Encrypt personal information at reception
“If you’re still using handwritten registration books, ditch it,” cautions Flax. “Our most recent survey revealed that over 60% of visitors peep at who’s checked in ahead of them – that’s 60% too many.”
Names, cellphone numbers and ID numbers should not be exposed at any time. Electronic devices can be locked, encrypted and wiped remotely in the event of theft.
Rule 3: Write data protection into your company DNA
Security and governance go hand in hand, yet many companies fall short by assigning the responsibility of visitor data to either physical security or IT.
Firewalls, IPS and IDS go a long way, but Flax says, “It’s everyone’s responsibility to know and enact the security policy. Employee training against social engineering (phishing), network and physical perimeter protection must be enforced daily.”
These days, a cellphone number and a name are enough for unscrupulous hackers. In line with POPIA, have a policy that defines the process of collecting data, securely storing it, and deleting it as soon as it is no longer necessary. You’ll need a shredder if you have paper records.
Digital visitor management software like ATG Digital’s At the Gate and At Reception immediately encrypts data and uploads it to the cloud. Records are not stored on the device and cannot be accessed by security guards, receptionists or anyone else who may handle the device.
Consider ears too
While most companies are primarily concerned with prying eyes (and long fingers), Flax raises an interesting point about keeping sensitive information out of earshot.
“Discussions in meeting rooms and offices also need protection,” she says. “Assess the acoustics of your offices and meeting rooms. Consider investing in some soundproofing if need be. You can make a policy not to discuss the personal data of visitors/patients/partners in common areas of the office.
“The point of [data] entry can be the very point where sensitive information leaves. If you’re asking visitors for information on arrival, guard it the same way you would any other data on your network,” concludes Flax.
Integration relieves PoPIA pressure
Privacy laws apply to everyone, sectional title and community schemes included. That’s the word from Human Settlements Minister, Mmamoloko Kubayi, following a recent parliamentary Q&A.;
Despite the deadline for compliance on 30 June 2021, Kubayi had to reiterate this year that the regulations of the Protection of Personal Information Act (POPIA) apply to community housing schemes as well.
“Accordingly, all entities need to invest in the resources they have identified to ensure that the principles of POPIA are upheld,” said Kubayi, referring to the eight principles governing the collection, storing and processing of personal information belonging to members of community schemes.
Leading access control and visitor management firm, ATG Digital, has spent considerable time working with the POPIA-expert Michalsons Law Firm to create a fully POPIA-compliant access control solution for complexes and residential estates.
In its latest bid to further alleviate pressures on facilities and security managers, ATG Digital has announced that its flagship product, At The Gate, is available as an add-on to the EstateMate community management app.
The app facilitates secure communication between body corporates, managing agents, as well as owners and residents of community schemes. It acts as a central management hub and, together with At The Gate access control, makes it easier to enforce POPIA policies.
“Only information vital for the purpose set out in the scheme’s POPIA policy is collected at the gate. All the information is encrypted and securely stored, and is only accessible by authorised personnel,” explains ATG Digital’s Arial Flax.
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version