The PoPI Act plays an important part in increasing consumer protection and information control in a world where information abuse and exploitation is rampant. Ever receive unsolicited calls from call centres to sell you a product or service, text messages at all hours of the night and day, unsolicited email communications (a.k.a. SPAM) attempting to sell you a product or inform you that you have won the lottery? Ever wonder how and where they got your details? These direct marketing efforts are probably the most tangible example of how most people are affected directly when their personal information is abused because there is no protection of and consequence for sharing their information with other parties. The PoPI Act addresses this issue by making sure everyone from government and the big financial institutions down to the security guard who records your details in the visitor’s log have a good enough reason (purpose) for collecting your information and is responsible (can be held accountable) for protecting it. Due to the consumers’ focus on (or frustration with) these activities there is a common misconception that the PoPI Act was primarily created to address this problem. It is however only part of the good the PoPI Act hopes to achieve and hardly its extent.
There is another misconception that the PoPI Act will prevent companies from marketing to new customers or marketing new products or services to existing customers. This is not the case. The PoPI Act is all about informed consent from the owner of the personal information and involving them in the process of managing their personal information. Rules do exist around direct marketing though, namely:
- You must identify yourself, or the person on whose behalf the communication is being made, as well as provide contact details on where the person may request that your communication be stopped.
- You may not contact someone unless they have first consented to being contacted via electronic communication.
- You may contact someone only once to obtain their consent, as long as they have not previously withheld their consent.
- Only for the purpose of direct marketing of the responsible party’s own similar products or services.
- Providing customers with a reasonable opportunity to object to the communication in a manner that is free of unnecessary formality (easy) and also free of charge.
So, if you are in call centre or direct marketing business, you better be prepared to be able to answer the question “Where did you get my information from?” Be prepared for the resulting actions if this information was obtained illegally or without the owner’s consent. For many call centres their business model relies on cheap or free access to this type of prospecting information, which they often receive from large corporations or buy from data vendors. If you are/were on the receiving end of such data, or harvest your own information, be prepared to face the consequences of the law as the burden of proof lies with you to prove that you obtained each person’s consent. As such the cost of obtaining qualified source data, i.e. where the consumer consented to this and the 3rd party source can prove this, will increase.