CELLPHONE subscribers bombarded with unsolicited sales calls and text messages are waiting for regulations that could prevent this practice.
The Protection of Personal Information Bill (Popi) is expected to be signed into law this year, while the National Consumer Commission is expected to restart the process of establishing a national opt-out register for consumers to block direct marketing by listing their contact details in that registry.
The intention of the bill is to establish a protection of personal information regime in South African law and bring the country in line with international standards of protection of personal information, says bulk SMS provider SMSPortal.
Once the bill comes into force, South Africa will be ruled by a privacy act that is closely based on European Union laws.
In the meantime, consumers can use the Direct Marketing Association of South Africa’s "do not contact" registry to remove their details from the mailing list used by marketers.
Every citizen is considered to have opted in, as consumers’ personal information, such as physical and postal addresses, telephone and cellphone numbers, is available from many sources. Moreover, people also give out their information when they fill in forms at shops and some consumers unwittingly agree to be contacted for product promotions.
About 70,000 people have listed their numbers on the Direct Marketing Association of South Africa’s registry.
"The list has continued to grow slowly.… There was a small jump in numbers a couple of weeks ago. This was also affected by the annual increase in marketing around the holidays leading up to Christmas," says Institute of Interactive and Direct Marketing president Alastair Tempest.
He says the bill will be important, and not just for marketing. Any database, including the government’s, will have to "toe the line" and many large companies and organisations have vast databases that would not comply unless "their owners start to take action to clean them up".
SMSPortal MD Charles Stretch says that "specifically relating to the running of SMS marketing campaigns, direct marketers cannot use personal information for direct marketing unless they have the consumer’s permission — and in the case of a direct marketing organisation, they must have opted in".
"South Africans will have, for the first time, the right to privacy of their personal information, in an enforceable way. It is going to be a period of change and uncertainty for many, but as organisations responsible for people’s personal information we must all act responsibly and uphold the reputation of businesses like ours, as well as our partners who use our service," says Mr Stretch.
The bill will also address the transfer of data to other countries. According to Mr Tempest, Swaziland is looking at similar legislation. Any business or organisation with cross-border interests, such as a bank operating in various parts of the continent, will have to apply the bill to personal data, for example, clients’ accounts crossing frontiers.
"That’s certain to encourage all of South Africa’s neighbours to look at Popi-style laws," Mr Tempest says.
Werksmans Attorneys director and information technology law specialist Tammy Bortz says that although the bill prohibits the transfer abroad of personal data, it provides for a number of exemptions to this.
"One of the benefits of Popi is that it sets out the requirements to enable the transfer of personal data offshore, which will in turn enable South African companies to do business internationally," she says.
The bill provides for exemptions to the cross-border transfer in a number of circumstances. Companies need to work through these exemptions, Ms Bortz says.
The legislation could be a useful mechanism for South African organisations that may currently be prohibited from transferring data to, or bringing them to South Africa from, overseas destinations, she says.
For example, the data protection laws in the UK only allow personal data that are being processed in the UK to be sent to a country whose laws provide similar data protection as those of the UK.
According to Ms Bortz, the bill, once it becomes law, says any existing prohibitions to the transfer of data from the UK to South Africa on the grounds that South Africa does not have in place sufficient data protection laws will fall away.
"This is especially good news for South African companies wishing to use cloud services and where such use will require them to place personal data of their customers or employees in an offshore cloud," she said.
More in this section
- Guptagate report shows manipulation, collusion and illegal blue lights
- SABC presenter Mbuli hailed as patriot and ‘zealous newshound’
- Karabus lawyer says South African nurse behind bars in UAE
- Eskom was ‘on the brink of a power shutdown’
- Iran ‘behind US cyber blitz’
- THICK END OF THE WEDGE: We can already write the NDP off