POPI Act Effect: The Marketers Guide

The basis of the Bill of Rights is that all human rights should be enforced, up until the point where they begin to infringe on someone else’s rights. As a country fuelled on democracy and equal rights, the Constitution is very clear when it comes to the protection of rights. The right to privacy is one of these rights and is regarded as being of utmost importance.

In many instances, to ensure that rights are upheld in a fair and unbiased manner, a balance is required. 2009 was a year of breakthrough for the protection of consumers with the promulgation of the Consumer Protection Act 68 of 2008. In the same year, the Protection of Personal Information Bill was drawn up. This Bill was made an Act of law in 2013, becoming the Protection of Personal Information Act 4 of 2013.

The effect that both of these Acts have on marketing practices should be noted. Compliance should be ensured in a proactive manner and parameters must be put in place to ensure adherence to the legal requirements. The purpose of POPI is to protect the right to privacy when handling personal information. This right then needs to be balanced against other rights, for example, the right to access to information. In the marketing realm, direct marketing is most affected. Email and direct marketing campaigns cannot be carried out unless the recipients have given their consent to be contacted.

Although at first glance it may seem that direct marketing is being phased out by this Act, this is not the case. Marketers will have to work a little harder to market their products or services, but the benefit is that they are ensured that those being contacted are actually interested in their offerings. This allows for a more considered and focussed approach; rather than “spraying and praying” offerings, hoping that they reach the right audience. As such, rather than putting an end to direct marketing, POPI regulates the practice and protects consumers.

POPI requires that records of personal information not be retained for longer than is necessary for achieving the purpose for which the information was collected. The exceptions to this rule are in instances where extended retention is authorised by law, the retention of information is lawfully required, a contract determines the term for which the information is required or the person whose information is being stored has consented to the retention of these records. There are strict instructions as to how personal information records should be disposed of and the process to be utilised for the destruction of these records.

It is the responsibility of marketers to ensure compliance. In order to do this, marketers must make themselves aware of the requirements of the Act; in the event of an infringement it is important to note that, according to South African law, ignorance of the law is no defence. Once they are aware of the requirements, marketers should review the processes that they utilise to gather, record, store, distribute and destroy personal information. Parameters should be set up to ensure that personal information cannot be unlawfully accessed by third parties and that the records under the marketer’s control are sufficiently protected.

Image source: Shutterstock