• The power of perseverance

    True grit is a reliable predictor of who will achieve success in life, says Ian Mann.

  • It's the system

    The system sucks and it’s being used far too often as an excuse, says Mandi Smallhorne.

  • Web of dependency

    Zupta defenders are playing cat and mouse with ratings agencies, says Solly Moeng.

All data is delayed
See More

Protect your privacy

Jan 17 2013 07:21
*Steve Ferguson
THE Protection of Personal Information Act (Popi), due to become law early this year, for the first time introduces legal protection in South Africa against the serious risks and harm arising from the unauthorised collection and abuse of personal information.

Popi has been criticised for being yet another piece of regulation driving up the cost of doing business in SA at a time when we can ill afford it. It will also have a significant impact on the direct marketing industry.

But the new law is generally welcomed and will go a long way to promoting SA's digital economy. In line with similar laws internationally, Popi sets out a number of minimum requirements for the lawful collection and processing of personal information for marketing and other business purposes.

Defaulters will be subject to substantial penalties and sanctions, including civil and criminal action and negative media publicity. Unlike most other laws where people can enforce their rights only through expensive litigation, Popi creates an enforcement system that is free and accessible to the public.

Lawyers and high legal fees will no longer be a deterrent for disgruntled customers and members of the public whose privacy is abused.

Five good reasons to start now

But aside from the obvious benefits of avoiding legal sanctions or bad PR, taking a proactive approach to privacy protection also provides a number of other benefits. For marketers, here are five good reasons to get started:
  1. You can build higher levels of trust and better relationships with customers and prospects when you collect their personal information by reassuring them that you take privacy seriously and that their information will be taken care of while under your custody.
  2. It will encourage customers and prospects to share more valuable information with you by being transparent about the way you collect and deal with their information.
  3. You will improve opt-in rates for your marketing messages and materials by not abusing contact information, time or attention.
  4. It will drastically reduce the costs of dealing with access requests, complaints and disputes around the personal information you use.
  5. Use your Popi compliance as an opportunity to create more effective, better-run systems and processes within your organisation for managing all your information assets. This will result in improved decision making, less risk and a greater chance of realising your marketing and other business goals that depend on quality information.
How to start

Respecting privacy and showing that you take care of the personal information you hold does not need to be a complicated and expensive exercise.

Start by auditing your information and record-keeping systems (both digital and paper-based) to identify where and what personal information you have, and on whom. Common examples include customer or prospect names, identity numbers, bank account details, debit or credit card numbers and purchase history.

Identify the reasons why you hold that information and whether it is still serving its purpose. Check whether you have consent from the data subjects, or whether you should be contacting people on your database again to get their opt-in or to update their information.

Gives you a good excuse to make contact and show that you are taking their privacy seriously!

Assess the current physical and technology safeguards you have in place, and whether they are adequate to secure the personal information you hold. Pay attention to high risk information, such as unencrypted digital data found on laptops, tablets, smartphones, and other portable storage devices.

Restrict the access privileges of employees and outside service providers and contractors who don't need access to certain information to do their job. Promote awareness and training on security and privacy issues and implement and enforce internal policies and procedures.

Ground rules to follow

When collecting and processing personal information, follow these simple guidelines:
  • Ask permission before you collect, use or share personal information.
  • Collect the minimum amount of information necessary to achieve your business purposes.
  • Tell people what you are doing with their information and who you are sharing it with.
  • Keep it for the minimum time necessary.

So before Popi becomes law, get proactive about privacy.

 - Fin24

* Steve Ferguson is a director at NicciFerguson Attorneys and specialises in privacy, copyright and general technology law. He also lectures ICT law at the University of Cape Town. Views expressed are his own.

Follow Fin24 on Twitter, Facebook, Google+ and Pinterest.




Read Fin24’s Comments Policy

24.com publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
Comments have been closed for this article.

Company Snapshot

We're talking about:


Debt is one of the biggest financial issues facing South Africans today. Find out how you can avoid and manage your debt with Fin24 and Debt Rescue.

Money Clinic

Money Clinic
Do you have a question about your finances? We'll get an expert opinion.
Click here...

Voting Booth

Would you take out a payday loan?

Previous results · Suggest a vote