Up until very recently there have been few or no laws governing what businesses did with information that it processed. Personal information was seen as a free way of increasing the audience they were able to reach, and we all wonder why we receive unsolicited calls and emails (or spam) on a daily basis. Thanks to the newly auctioned POPI bill, all this is about to change, and businesses now have to adhere to very stringent laws around what is and is not acceptable with regards to sharing, using and selling sensitive information. POPI stands for Protection of Personal Information and is a bill that was recently passed to protect individuals' sensitive information when processed by responsible parties. This basically means any contact, payment or personal information a business receives from an individual should remain confidential and not used for any unauthorized marketing purposes whatsoever.
Any person (who feels they are receiving unsolicited communications) may lodge a complaint to the regulator, stating their case. The regulator then has the authority to do the following in order to investigate the case:
- The right to apply to the court in order to get a search warrant for the premises
- The right to claim damages against you
- The right to issue notices of enforcement
How will this affect you as a marketer?
What this means to marketers in South Africa, is that mailing lists we currently have may be rendered completely useless. If the contacts in a mailing list have not actually double opted in to receive mails, messages or calls and you send them marketing messages, you could have legal action taken against you.
Just because an enquirer on your website was open enough to share their personal details with you in an enquiry, does not warrant you the permission to send them marketing messages. This has to be a separate option for them to opt in to.
Buying email databases will be completely illegal, unless of course the source of the database stipulated in their terms and conditions that the data submitted will/might be sold at a later stage. This usually tends to keep people from subscribing in the first place.
So to stay on the safe side of the regulator and out of trouble, it is advisable to adhere to some simple points with regards to collecting and processing sensitive data through your business:
- Use the double opt-in system for your newsletter subscriptions
- Always include an unsubscribe option
- Never buy databases, it is always best to collate your own
- Any databases compiled before this bill was passed, are also subject to the bill and its laws
- Don't sell any of your data to outsiders
