Protection of Personal Information Bill will make or break SA online marketing

On the 22 August 2013, the South African Parliament approved the Protection of Personal Information Bill and issued the following statement:

“The Bill gives expression to the right to privacy provided for in the Constitution. The right to privacy includes the right to protection against unlawful collection, retention, dissemination and use of anyone’s personal information. The Bill is comprehensive and regulates the manner in which personal information may be processed, by establishing conditions in harmony with international standards that prescribe the minimum threshold requirements for the lawful processing of personal information”.

Privacy Laws and Business editor, Professor Graham Greenleaf said: “Once assented to by President Zuma, South Africa’s Act (commonly called POPI) will be the world’s 101st data privacy law, and the 20th enacted this decade. It is the 11th such law in sub-Saharan Africa, which could soon become the region outside Europe with the highest concentration of data privacy laws because there are Bills known in seven other countries. The economic significance of South Africa, both within and outside Africa, also makes this Act a significant milestone in the expansion of data privacy legislation globally.”

What does this mean for anyone in direct marketing and how will this affect them?

Quite simply, the Bill states that companies have to receive consent from individuals to collect, retain and share their personal information. Currently, marketers using email and SMS to promote products may retain contact information and communicate with an individual until the individual “opts out” which is an unsubscribe on email, and for SMS communication, a reply of STOP or something along those lines. Until the promulgation of the Bill, there has never been an opt-in requirement, whereby explicit voluntary consent is required prior to marketing directly with an individual.

Once the Bill is given the go ahead by President Zuma, marketers will have to obtain permission from an individual first before they can obtain and retain personal information and communicate with an individual. Future email and SMS communication will require prior approval before the communication takes place. The subscriber will still have the option to “opt out” which the marketer will need to honour.

Data privacy specialist at Deloitte Risk Advisory, Daniella Kafouris states that if a company is reported or fails an audit, they will be liable for significant fines and/or imprisonment. Daniella advises companies to use the services of a legal specialist to audit their current environment and to provide advice on changes that may need to take place in order to comply with legislative requirements. Furthermore Daniella states, “It is fairly simple to read the Bill and understand what the requirements are, but the true application of this is actually operationalising the requirements so that they still make sense for an organisation. The incorrect interpretation and application of the requirements may result in a hefty fine being placed on an organisation once the Information Regulator is established.”

People in social media marketing are well positioned

Anyone in social media marketing on the other hand is totally compliant with POPI and may continue participating on social media regardless of the legislative changes going on around us. For B2B marketers using LinkedIn, if someone connects, they are providing passive approval to communicate. If a person follows you on Twitter, you have every right to share information with them until they “unfollow” you.

Now is the time for the serious online marketers to get their act together. From a business-to-business marketing perspective, get out of the Marketing 1.0 mindset where you are broadcasting product related information and embrace new media principles which revolve around producing interesting, value-adding, topical content which your target wants to consume and share, and build credibility through this process. Digital marketing specialist and Memeburn contributor Jonathan Houston advises the following, “Planning your content creation and dissemination is critical. Understanding how the social media channels filter traffic to specific call-to-action webpages is vital. Those pages now have to work harder than ever as they need to show the value as to why someone needs to part with their personal information in order for you to get them further down your conversion funnel.”

Another angle on social media which organisations must look towards when undergoing privacy compliance is ensuring that sufficient organisational policies are in place for social media presence and essentially what you can and cannot share. Acceptable use of any online platform is certainly a privacy touchpoint for compliance.

The new legislation should be welcomed by all

The POPI Bill is good for marketers and consumers alike. It will serve to separate the wheat from the chaff, so consumers are receiving communication from companies they want to communicate with and consumers have the peace of mind that the government is protecting their rights.