The Act was created to protect the privacy of South Africans’ personal information when it comes to electronic communication exchange by means of SMS, fax, email, Twitter and the like.
Wayne Mann, The Unlimited’s director of Group Risk, says that while the company supports POPI in that it addresses the responsible and secure processing of data and seeks to protect the privacy of South Africans, the concern is that certain provisions will negatively impact small business in South Africa and the economy.
“Not only is the cost of compliance prohibitive, with the additional cost burden likely to cripple many small businesses, but once it comes into effect, POPI will impact their ability to market themselves effectively, particularly those dependent on electronic marketing. It’s another piece of red tape that’s going to make it very difficult for small businesses to sustain themselves.”
Mann cites the example of a small company that relies for its sustainability on emailing monthly specials to its 10 000-strong database. “POPI will outlaw this form of electronic marketing unless people on their database have ‘opted-in’, giving their consent to being marketed to in this way.
“Obtaining such consent comes at a cost and these small businesses can expect their target markets to contract.”
Direct marketers in the financial services sector, adds Mann, also play a key role in delivering cost-effective financial solutions to people who have been historically underserved. “POPI will create a situation where such people will have more limited access to information about such solutions.”
He also questions the need for the law when consumers are already protected under the Consumer Protection Act and have a choice to “opt-out” when approached electronically by direct marketers.
Information governance specialist Francis Cronje, founder and MD of franciscronje.com, says the legislation’s intention is to protect South Africans’ right to privacy – which includes the right to protection against the unlawful collection, retention, dissemination and use of personal information.
“POPI will encourage organisations to take accountability for the information individuals or companies give them custodianship of and will provide sufficient recourse should they fail to take accountability for the lawful processing and safeguarding of this personal information. It will also compel organisations to better manage the information they have, leading to operational savings in the long run.
“With cybercrime becoming more advanced and more prevalent, the managing and governance of information is paramount. POPI enforces such management and governance,” he says.
POPI also seeks to remove trade barriers that may exist because of restricted cross-border transfer of data, the result of inadequate data protection legislation in South Africa.
Cronje disagrees with the assertion that the cost of compliance is prohibitive. “While POPI will have an impact on smaller organisations that process information, they won’t have to spend thousands of Rand to become compliant. “Small things can be done to align one’s business to the Act such as shredding confidential information if and when it’s no longer required and proper notification as to why the business or organisation is collecting personal information and how it uses it.”
Built into the legislation, says Cronje, is self-regulation, through which industries that have strong codes of conduct can apply for certain exclusions from it.
“For example, if an SMS is the only way people in rural areas can access information that could benefit them economically, one could argue that the “opt-in” provision might hamper economic growth, and the subsequent gaining of such consent might be impractical or impossible.
“The way to resolve this would be for the relevant industry representative bodies to create codes of conduct that could address these issues. They could then apply to the Information Regulator’s office for an exclusion. But there must be an acceptable balance between individuals’ rights to privacy and their socio and economic interests, as well as between these rights and the public interest,” he says.
Warren Moss, chairman of the Direct Marketing Association of South Africa (DMA), says that while people could be prosecuted for sending unsolicited marketing communication electronically under POPI, he thinks lawmakers will be reasonable and allow for exclusions where codes of conduct protect the spirit of the law and promote economic activity.
Economist Mike Schüssler says POPI will inhibit economic growth and agrees that it will create barriers of entry for small businesses. He also questions the need for additional legislation. “We should first be asking what is needed to grow the economy, before creating rules and regulations that impact the cost of doing business in South Africa, inhibit growth and stifle competition. POPI also makes it more difficult for South Africans to compete with international players in the local market.”
Government, concludes Mann, needs to find the middle ground where personal information is secure within an environment that stimulates economic activity.
“Ultimately all of us will pay a price if South Africa is unable to achieve the levels of growth required to meaningfully reduce unemployment and the unacceptable levels of inequality.”