Personal information protection coming soon

The next time a call centre agent tells you they got your number from the “national consumer database”, ask to speak to their manager.

Aside from the fact that no such list exists, the Protection of Personal Information Act (Popi) holds any entity handling personal information responsible for how that information was obtained.

However, while certain sections of Popi came into effect in April 2014, the Office of the Information Regulator, which would enforce the Act, is still being established.

Direct Marketing Association of South Africa (DMASA) chairperson Warren Moss said this would probably happen in the next few months, after which companies would have between 18 and 24 months to become compliant.

Until then, the manner in which companies secured personal contact information remained “a grey area”, he cautions.

“[Companies] have built up their data over many years and before there were any laws regulating the access and exchange of that data. In the past, banks, insurers and cellphone companies would buy data from anyone,” he said.

DMASA’s accreditation programmes, called the Centres of Excellence, audits the Popi compliance of list brokers and has 13 accredited brokers.

Companies can legally buy or rent contact lists from these brokers for their direct marketing campaigns.

Brokers obtain their data in various ways – social media campaigns and opt-in competitions; loan registration websites; promotional websites; credit bureau updates; and public domain information.

Administered by DMASA, the national opt-out database enables you to opt out of all direct marketing communication.

“If you have been registered on the national opt-out list and you’re still receiving direct marketing calls, you should escalate that with the company concerned or contact DMASA through its website,” says Jaco Schutte, director of marketing services at TransUnion Analytic and Decisioning Solutions.

– Moneyweb