THE days of unsolicited marketing e-mails and SMSs are numbered as new laws are set to be implemented to curb the illegal distribution and use of consumers’ personal information.

Companies that are storing data using cloud solutions could also be under scrutiny. The Protection of Personal Information Act, which has been signed into law, intends to establish a protection of personal information regime in South African law and bring the country in line with international standards of protection of personal information.

Parallel to that, the National Consumer Commission is expected to issue a tender for the provision of a national opt-out registry that will enable consumers to block direct marketing by listing their contact details in that registry.

Bluegrass Digital Direct MD Nick Durrant says marketers will feel the biggest effect because the processing of information for direct marketing is now deemed illegal unless the company has gained the requisite consent from the person involved and as a consequence, platforms such as e-mail and database-marketing will be heavily influenced by the act.

He says aligning with the act in the correct way will mean that one’s marketing campaign will not adhere to any spam.

"This … regulates the rights of persons in respect of automated decision-making and unwelcome electronic communication," he says. "Organisations who pave the way in the market for compliance (with the act) will earn the desired consumer’s respect and loyalty — key components in gaining brand loyalty," he says. By adopting the principles of the act, Mr Durrant says organisations can dig deeper into existing customer data by building a customer-focused strategy.

Information gained from customers and markets through data analysis of personal information, when obtained in compliance with the act "is marketing gold," he says.

Institute of Interactive and Direct Marketing president Alastair Tempest agrees. While most spam originates from outside South Africa, the act and the expected establishment of the national opt-out registry is the "silver bullet to kill spam". The act will identify and stop criminal spammers operating in South Africa, he says. The act "will encourage best practice by marketers. Companies will be able to improve the quality and target a specific audience," he says.

In a Cibecs business data protection survey only 26% of respondents are actively adjusting their processes and looking for technologies to ensure they comply with the Protection of Personal Information Act, says Ayanda Dlamini, business development manager, LGR Telecommunications.

The act radically changes the way data must be captured, stored and secured. It aims to prevent the negligent disclosure of information, protects a wide range of data — from identity numbers and contact details, to financial history and biometric data.

Companies operating in sectors that request personal particulars — such as financial services or telecoms, will be required to carefully manage the data capture and storage process.

This could have a significant effect on a broad range of company functions, Mimecast South Africa security specialist Heino Gevers says. For companies storing information in the cloud, the act has stringent cross-border data transferable expectations that make it difficult.

Mr Dlamini says data warehouses will need to have new processes inherent in the capture and profiling of data, with compliance built in from the point of entry, to processing and storage of data and the management of data transfer. In cases where data is moved across borders, contracts must be drawn up with cloud service providers and carriers to ensure the provisions of the legislation are met, even when data reside outside South Africa’s borders.

"The implications for enterprise mobility will also have to be assessed, since the legislation will relate to information captured across a variety of channels in a variety of formats," he says.

Companies will have to ensure their cloud solutions providers comply with the law.