Even a genuine mistake can be costly these days.
A FSP recently settled for a fine of R50 000 for not obtaining proper authorisation before disclosing confidential client information to a third party.
Section 3(3) of the General Code of Conduct stipulates:
A provider may not disclose any confidential information acquired or obtained from a client or, subject to section 4(1), a product supplier in regard to such client or supplier, unless the written consent of the client or product supplier, as the case may be, has been obtained beforehand, or disclosure of the information is required in the public interest or under any law.
The Settlement agreement states that “…the Respondent disclosed confidential information to a third party pertaining to insurance policies belonging to a member of the public. The disclosure took place in circumstances where the respondent failed to take adequate steps to obtain proper authorisation from the owner of the insurance policies for the said disclosure.”
“The contravention was the result of a bona fide error on the Respondent’s part as he believed that valid authorisation had been given when in fact this was not the case.”
This is quite a hefty fine for what appears to be a genuine mistake, without malice or criminal intent. There is no indication that the client suffered any loss as a result of the transgression.
Recent publication of the Protection of Personal Information Act (POPI) is yet another attempt at preventing abuse of personal information. From the above, it is evident that there are already many preventative measures in place to keep us on the straight and narrow when it comes to the confidentiality of client information.