With the immanent implementation of the Protection of Personal Information Act, marketing companies have the opportunity to affirm their customers that the systems they use are integrous and follow the new legal requirements.
Marketing in the digital age has opened an array of new opportunities for businesses to reach their target audiences. But the exchange of personal information between an individual and a company can expose consumers to a degree of risk. This is why the South African government has introduced the Protection of Personal Information Act (POPI).
In future, companies will be required to protect the personal information that they process and to processes that information according to the conditions set out by POPI. However, POPI does not aim to stop the free flow of information, it recognizes that there is a need for balance.
Guidelines for collected information
POPI doesn’t restrict the collection of people’s personal information but it does stipulate strong guidelines for how that information can be used. If reasonably practicable, companies should make a person aware that their personal information is being collected and why. Companies collecting information should have a privacy statement, notice or policy that is easy to read and accessible. It should be in clear language and should state whether the information will be passed on to third parties.
Direct marketing by companies that use these tools will be impacted by POPI requirements, but POPI will not put an end to direct marketing. Direct marketing has functioned effectively in many countries that have had data protection laws for decades and is a legitimate interest that organisations can pursue to find new customers. The big change or implication of POPI is that in future, any direct electronic marketing to prospects will need to be opted into.
Opting in means that people will have to choose to allow a company to contact them and a company cannot market to people on unauthorised personal communication channels.
POPI will have a significant impact on email and SMS marketing, but it hasn’t rendered them illegal. Marketers can currently email and SMS prospective customers on an opt-out basis. This means they can send anyone emails or SMSs until the person says to stop. Once POPI is implemented, marketers will only be able to email or SMS on an opt-in basis – contacting people only once to get their consent to send future communications.
However, consent isn’t required from existing customers, only from prospective customers. An existing customer is considered to be someone whose contact details have been obtained in the context of the sale of a product or a service.
POPI also requires marketers to offer people a way to opt out of their communications, and up to date subscription lists and bulk communication tools can assist with this.
POPI also gives significant authority to an Information Regulator, who can require companies to provide evidence of their adherence to POPI, failing which they can face either fines or jail terms. Marketers must take any enforcement notice from the Information Regulator seriously.
POPI aims to put an end to mindless spamming where bulk communications are sent out in the hope that someone might be interested. Finding quality leads and then targeting just those who are interested in particular goods or services is inline with what POPI wants to achieve.
If companies implement POPI correctly, it can actually contribute to increased trust from prospective customers as they know they have given permission to be contacted and they know that what they are receiving will be of interest and use to them. This in turn offers marketers the possibility of increased lead conversion.