The appointment of an Industry Regulator with a view to rolling out the Protection of Personal Information Act (POPI) accelerates the timeframe within which companies must become compliant, and represents good news for consumers who want more control over their personal details.
On 26 October, a government statement confirmed the appointment of Pansy Tlakula as full-time member and chairperson of the Information Regulator along with other newly-appointed officials, effective 01 December 2016.
The Act will govern how companies collect customers’ information, how they store it, what they use it for and how they dispose of it. With little legal framework on this currently in place, this means that almost every company in the country will have to revise their practices. This means that they’ll have to adopt new technology and ways of interacting with business and customer intelligence. Smaller companies may find this relatively easy, while medium to large ones working with vast databases and contact centres will have to apply significant budget to adapting their technology and business processes without losing efficiency and productivity.
POPI stipulates how businesses can legally process the personal information they hold
While this is likely to be an operational headache, customers will only benefit from this — not only will their information be less-easily accessed (or abused), but as companies address their workflow and other business processes, the Customer Experience will improve.
It can provide an opportunity for companies to remove all of the pain points customers experience during interactions, whether by phone, email, online or social media. Tech upgrades and improved business solutions can also reduce the time it takes to deliver excellent sales interactions, after-sales and customer service. Since time spent by agents during contacts with customers costs money, reducing this will have a positive impact on the bottom line. Once fully-compliant, customers will also have more confidence in their favourite companies that their personal information is being used only for that purpose for which it was originally shared.
Once the legislation is all signed off, likely later in 2017, companies will have a grace period of one year within which to become compliant (only in some cases will companies have as much as three years). Given that IT budgets may have already been allocated, the challenge this represents is that funds must be shifted in order to cover unforeseen IT work.
While it may be a difficult challenge to address, companies actively allocating resources to fixing the gaps within their customer service channels will find that this could translate to improved processes, ultimately creating a more seamless Customer Experience. Despite this not being the goal of POPI, the legislation could, unwittingly, transform the customer service environment for the better.
Companies that gather, receive, hold, use or share information about a consumer or business customer are affected by POPI. POPI stipulates how businesses can legally process the personal information they hold. Personal information, as defined by POPI, means any information that can be used to identify an individual or a juristic person.
These include ID number, company registration number, email address, physical address and so on. Additionally, organisations have to notify persons of what information they hold, and how they intend to use it and verify that it was given voluntarily, confirm secure storage and ask how long it may be kept.