The Scenario
A customer contact center for "SA-Gifts" (an online portal) receives an email requesting access to and deletion of all personal data under the Protection of Personal Information Act (POPIA). The customer support agent has never handled a POPIA request before and is unsure what data can be deleted and what must be kept for tax purposes.
The Brief
Write a standard response protocol for handling a POPIA Section 23 request, including identity verification and a response template.
Deliverables
- A checklist for verifying the identity of the requester securely before disclosing information
- A standard draft response email informing the user what data is being deleted and what must legally be retained (SARS compliance)
- An internal action checklist for the database administrator indicating where customer records must be anonymised
Submission Guidance
Acknowledge that under SA tax law (SARS), transaction and invoicing history must be kept for 5 years, even if a user requests deletion under POPIA.
Submit Your Work
Your submission is graded against the rubric on the right. If you pass, you get a public Badge URL you can share on LinkedIn. There is no draft save, so work offline first and paste your finished response here.