A PRACTICAL APPROACH TO USING POPI IN FRAUD PREVENTION
INTRODUCTION
The Protection of Private Information Act (POPI) is an Act in South Africa, designed to protect private information.
Here we discuss methods of how individuals can use the principles of POPI to prevent fraud and corruption.
TRULY SPEAKING is a series of blogs drafted to provide insightful information related to fraud and investigations, practically applied.
DID YOU KNOW?
This Bill of Rights in the constitution of South Africa is a cornerstone of our democracy. It enshrines the rights of all people in our country. It affirms the democratic values of human dignity, equality and freedom.
In five simple words, this cornerstone worded one of our most fundamental rights: Everyone has the right to privacy.
The POPI assists us in exercising this right.
THE PROBLEM
In the age of electronics we live in, information has become the new gold. As a result, it applies to fraudsters too. They prey on the vulnerability and gullibility of others. Fraudsters use innovative methods to cleverly disguise themselves against detection and investigation. It is easier than many people think.
For example: Once a person placed and advertisement for a position where people across South Africa could become representatives (Reps) for selling his products.
As a prerequisite, they needed to provide their identity number and bank account details (candy coated as a requirement for them to receive their commission).
About a month after the fraudster had placed the advertisement, a life insurance company received over 300 fraudulent policy applications.
He received broker’s commission, the prospective reps paid premiums on policies they did not apply for!
Because we as humans sometimes want to trust, we pay little attention to how others can abuse this trust when it comes to our private information. But they want to cause harm to the detriment of their victims.
As with all rights, the right to privacy also comes with a responsibility. What is the communal responsibility here? Be diligent with protecting your information.
Remember: Protection is better than cure. Better safe than sorry.
Likewise, everyone knows the saying: A chain is as strong as its weakest link. Often the weakest link here is ourselves, no one else. It is time we consider the fraud prevention and detection mechanisms contained in the POPI and apply them practically without getting paranoid about them.
We have as much a responsibility to protect our data as we have the responsibility to protect that of others.
WHAT IS PRIVATE INFORMATION?
POPI has an extensive application of the term “private information”. However, for this article, we confined it to be:
The person’s name if it appears with other personal information relating to the person. This additional information can be (amongst others): any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assignments to the person.
WHERE CAN YOU “DO” POPI?
Where can we do better in exercising our right to privacy?
Let’s look at essential prevention tips on the two places where information can be detected:
Social media
Social media has changed how most of us communicate and conduct business today. We know that we cannot go without it anymore.
Anyone may LEGALLY collect information that the data subject (YOU) publishes willingly, or when it is derived from public record.
Here, the former is more important, as it means that if you post something on social media, you willingly publish information about yourself. Therefore, you should be cautious and think twice before sharing something online.
We need to think about our data in terms of fraud risk. Risk managers define risk as the rating of the probability of an event happening and its impact on the subject. Likewise, we could all agree that identity fraud can have a dire impact, and its probability is quite high…
People sometimes have the misconception that if you share a post only with your friends, followers or contacts, it won’t stretch further. They forget that someone can forward or take a screenshot of whatever you shared and further expose that information to a broader audience.
You won’t be protected from this happening, as you published it the first time and thus gave consent to share that information further.
Practical Tips:
a) Ensure you set your privacy settings for the viewing of those you trust.
b) Birthdates: Should the world need to congratulate you on the day, it is okay. Just don’t provide the year of your birth too. With this information, criminals have your Identity number’s first 6 (significant) numbers.
c) Don’t post photos of you, your fellow employees, or loved ones containing vehicle registration numbers, cellular numbers, age, address, or anything criminals can use for fraud or theft.
Curriculum Vitae (CV’s)
Identity theft is real. In our more than 30 years of involvement in the prevention, detection and investigation of white collar crimes, we have witnessed many horror stories with dire outcomes for the victims.
Unlike what some may believe, criminals require very little information to cause you great harm.
The practice of “publishing” our personal information on a CV remains a genuine problem. Despite the dangers, prospective candidates attach copies of their identity document to CV’s they send everywhere. This practice is a legacy of how we did things in the past.
You cannot expect a trusting relationship with an employer who did not hire you. You don’t even know each other!
It can be said that POPI attempts to prevent fraud and theft by regulating the safeguarding of this information by prospective employees. But if you handed your CV to a hundred entities, whom would you identify who breached your trust and the POPI by selling your information?
Therefore, no one should provide more information than what is absolutely needed.
Practical Tips:
a) Remove all personal information from your CV you can provide later: your identity number, place of residence, and date of birth (age should suffice).
b) Provide an email address you can control: It is just that: An address where they can reach you on your terms!
c) Contactable references: Be considerate of the privacy of others. Do you really need to provide a cellular?
IN GENERAL
When anybody asks you for personal information, be it over the phone, for access control, or anywhere, POPI gives you the right to know:
a) The purpose for the collection (why do they want it).
b) That your information will only be used for the purposes it was collected.
c) The duration for which they will store the information.
Whenever you in any way feel uncomfortable providing the information:
a) Please don’t do it!
b) Try to negotiate.
c) Understand that your rights can be reasonably limited for the greater good. You may forfeit some action from the other party (like assistance from the call center you called to or access to a gated community).
CONCLUSION
Above all, each person should understand that that the protection of private information (of my own that of others) starts with themselves.
Take ownership of the risk of your private information being easily available.
In so doing, you will significantly reduce the possibility of becoming a victim.