(as outlined in ITPOL001: Information technology and information management security, version 1,0, 12 March 2018, section 12)
Adequate protection and prevention of unauthorized access or use of stored, personal information is required.
Personal information of individuals is stored until no longer needed for analysis, at which point it is deleted from all storage locations.
All requests for identifiable data must be applied for, with a motivation and record of the application to be maintained.
Personal information must be classified as restricted / sensitive and handles accordingly.
Data files should be encrypted whenever they are transferred outside of the organisation. Encrypted file passwords should be transmitted to the recipient on a channel other than that of the file itself.
THC may disclose a client’s personal information to any department or subsidiary, joint venture company and / or approved product or third-party service provider, whose services or products clients elect to use.
Confidentiality agreements are required to ensure compliance with privacy conditions.
THC can only share client personal information with third parties when it has a duty or a right to disclose in terms of applicable legislation, or where it may be deemed necessary in order to protect the organisation’s right.