Connect with us

Compliance

Give Consumers the Option to Opt Out

Establishing an equal playing field between brand and consumer.

Warren Moss

Published

on

001

South African marketers are coming under increasing pressure from existing and new legislation that determines how they market to potential customers via mobile and email messaging. These measures actually place us on a more equal footing with developed markets, but overly stringent laws may have unintended consequences.

In an environment that is evolving as rapidly as the digital marketing space, it’s always good practice to have rules or guidelines that determine what is allowed and what is not. This is especially relevant in an era where around 80% of all email is classified as spam and in which the inbox has become a popular destination for these and more malicious messages.

As an active participant in the global economy,South Africa is therefore bound to ensure that it creates an environment that discourages unscrupulous marketing or malware that could as easily land in an inbox in London or New York as one in Johannesburg or Khayelitsha.

New legisaltion

We have therefore seen several new pieces of legislation over the past few years that try to establish a level playing field for consumers and marketers, while aligning the country’s laws with international practices.

This last point is particularly important given that South Africa’s growth prospects are heavily dependent on strong trade relations, which often demand strict regulatory and governance frameworks.

And this is the position we find ourselves in with the highly anticipated Protection of Personal Information (PoPI) Act. Aside from the positive implications for South African consumers, this piece of legislation is also a key step toward the country demonstrating its willingness to enforce global standards, and thereby improve its chances of participating as an equal partner in the global economy.

Internationally accepted limits

It stands to reason that few international organisations would consider investing here or outsourcing services to South Africa if the local regulatory framework did not provide internationally accepted limits or protection.

And this is a position that regulators and policy-makers should pursue with vigour. My question, however, is whether we should be applying blanket laws that don’t fully take local conditions and demographics into consideration.

One of the bugbears in the digital marketing space, for example, is the persistent question of when and how marketers can send commercial messages to consumers.

This has been effectively handled in legislation such as the Electronic Communications and Transactions (ECT) Act and, strangely, by the Consumer Protection Act (CPA). I say ‘strangely’ because the Act was intended principally to protect consumers’ rights when purchasing a product or service, but was then extended to include the marketing of these goods or services.

Weeding out unscrupulous operators

Demographica fully supports the intentions and effects of both these laws as they lend credibility to providers such as us by weeding out unscrupulous operators. As a member of the Direct Marketing Association (DMA), we are also bound by codes of conduct that further strengthen the industry, but we also benefit from the Association’s participation in the regulatory process.

The DMA, for example, consulted extensively with policymakers in the drafting of the CPA to finally allow the practice of digital marketing opt-out rather than opt-in. Under the latter scenario, marketers may only send commercial messages to consumers who have given express permission to be contacted, while the latter requires consumers to opt out from receiving such messages.

There are a raft of other limitations and requirements in the Acts that prevent the wholesale spamming of the entire population, so it’s not as if the opt-out mechanism is a signal for unethical marketers to have a field day.

Who will suffer

Had opt-in been laid down in the Act as the only acceptable means of building subscriber databases, I believe consumers would suffer as much as brands themselves.

The reason I say this is that large portions of the South African population don’t have easy access to materials or media through which they can be educated about a product or service. Whether it’s specials on food or home appliances, or more critical offerings such as financial services, they would be blind to opportunities from which they could benefit.

How can you opt in to something if you don’t even know it exists?

The ECT Act and CPA are both very clear on the measures that need to be taken to protect consumers’ rights with regard to the security of their information and when and whether they can be sent commercial messages. In both cases, the opt-out mechanism is accepted as a sufficient means to allow recipients to inform marketers that they no longer wish to be contacted.

The success of these laws in bringing a greater measure of credibility to digital database marketing should therefore be strongly considered in the drafting of the PoPI Act. We should also not lose sight of the unique marketing environment we operate in and that reaching consumers is somewhat different here than in other markets.

We welcome the prospect of the certainty that the PoPI Act will bring, especially as it will enable the entire industry to implement necessary measures and controls and move forward with certainty.

Warren Moss is the founder and CEO of Demographica, a leading digital email and SMS advertising company that represents an audience of over 22 million consumers. Demographica makes use of email and SMS marketing as a way of branding, marketing, advertising, customer acquisition and sales, carries the DMA's Centre of Excellence certification and has won numerous awards for its work in digital direct marketing. As a natural born entrepreneur, Warren was a finalist for the ABSA Jewish Entrepreneur Award and a finalist in the ICT Young Entrepreneur of Africa Award. Follow him on Twitter at @warrenmoss

Advertisement
Comments

Compliance

Can Your Words Be Used Against You?

Yes, they most certainly can. Here’s what the RICA Act has to say about recordings.

Andrew Taylor

Published

on

rica-act_rica-compliance_operations-and-compliance

“This call may be recorded for quality control and records purposes…” Anyone who has been on hold with insurance companies would be familiar with these words — but what are the implications of a recorded conversation and when is it legal?

In essence, the Regulation of Interception of Communications and Provision of Communication-Related Information Act of 2002 (mercifully shortened to ‘RICA’) permits any person, who is a party to a conversation to record that conversation, provided that it is direct communication — which is defined as oral communication between two or more persons that occurs in the immediate presence of those persons.

Section 4 of the RICA Act governs this aspect of our monitoring law. What is unclear, however, is the degree to which this extends to legal persons, such as a company that monitors a call centre agent’s performance, for example.

Related: Understanding Shareholder Agreements

Evidence in legal cases

While limited to direct communications and not covered by third party interception, such as an eavesdropper, the lesson here remains pretty stark — you could legally be recorded during any conversation you have.

The implications of this are significant — just ask former Springbok player Luke Watson, who had a conversation recorded during a function in 2008 that was subsequently leaked to the media.

Furthermore, with the widespread use of smartphones, together with applications freely available on the relevant app stores, designed to record cellphone calls, the likelihood of you being recorded — whether you know it or not, is ever increasing.

Beyond the moral or ethical ambiguity of this, the legal ramifications of what is recorded are more certain — the recording may be used against you as evidence in any criminal proceedings, or equally as possible, in civil proceedings where, for example, agreement to a contract or term thereof is in question, or in the insurance company’s case, whether or not to repudiate a claim based on the information you provide to them.

Related: Protect Your SME From PoPI

Know the business exception

Section 6 of the RICA Act contains a course of business exception that allows the interception of indirect communication:

  1. a) By means of which a transaction is entered into in the ordinary course of business
  2. b) Which relates to that business
  3. c) Which otherwise takes place in the course of that business.

While there has not, to my knowledge, been a reported case that deals with this aspect of the RICA Act, the implications regarding the use of this information to evidence the valid conclusion of a contract or as to the intentions of the parties to a contract are significant, particularly given that the scope is relatively broad, although limited.

The matter has, however, come before the Constitutional Court in the 1999 criminal case of S v Kidson, where the court held, per Justice Cameron, that unless a “reasonable expectation of privacy exists” it would be difficult to prevent the recording or interception falling within the ambit of the RICA Act.

Where to from here?

From both a commercial and criminal perspective, this should serve to remind us all of our wise grandmother’s words — if you have nothing nice to say, rather say nothing at all (especially because you never know whether you are being recorded).

Continue Reading

Compliance

Why You Shouldn’t Be Sweating The Fine Print

Signing a contract is a big deal, and you never want to sign anything you don’t fully understand.

Andrew Taylor

Published

on

contract-signing

While it is almost always a grudge purchase, ensuring that you have had a legal eye cast over a contract you intend to conclude means that you are protected, that you understand the nature of the obligations you are taking on and perhaps, an even better deal for you.

Given that legal agreements are an important aspect of commerce, we have distilled key points for you to consider, before engaging with external counsel. This will make the process more efficient and, hopefully, less expensive.

Reviewing a contract is a tricky business, not entirely different from asking a builder to finish building a half built house. However, there are some useful techniques to ensure you get the most out of the exchange with your lawyer.

Related: Why Your Business Needs Employment Contracts

Always create a timeline

You have lived and breathed your business and this transaction, while your attorney is possibly hearing about the matter for the first time.

Setting the scene correctly puts your attorney in the picture and explains what you want out of the exchange. Print this out for your attorney.

It will help an attorney identify key areas of risk which you might not have anticipated. Be sure to also tell your external counsel how quickly you need the review to be done. Setting expectations means there is less chance of disappointment later.

Provide supporting documents

It wastes your time and money when your attorney has to come back to ask you for supporting documentation.

Try to anticipate which documents will be relevant to your transaction and bring copies of them to the meeting for your attorney to consider. If you have previous versions of the agreement, for example, bring those too.

Remember, the more background work you do, the simpler and more efficient the process will be.

Understand your needs

Are you looking for a high level overview of your document to highlight some key contractual risks or are you looking for a thoroughly sanitised document reviewed from every possible angle?

I recently had to look over Jim’s Sale of Business Agreement for the potential acquisition of his Technology Company. He came to me with limited areas of risk which he had identified and wanted me to look at these clauses.

I was able to advise him to push back on certain clauses he had already negotiated and the resulting document placed him in a stronger legal and financial position. It was easy to justify the costs associated with the review.

This is not always necessary though — where there is limited legal exposure, or you have no bargaining power, the role of the attorney can be restricted, but still worth the investment since you have assurance that your legal exposure is as restricted as possible.

Be guided by the relative value of the document and the ensuing legal responsibilities — is this a standard supply agreement with a strange payment clause or a multi-national acquisition of intellectual property? The type of expert you engage with will vary, as will the cost of the review.

Related: Protect Yourself: How to Structure Your Consulting Contracts

Areas of concern

Directly related to knowing your business and understanding your needs, is your responsibility to communicate specific areas of concern to your attorney.

A recent client’s business processed a lot of personal information, in accordance with the Protection of Personal Information Act, but, the contractor they were about to sign a service supply agreement sought to have access to some of this personal information.

Had the client signed this agreement without a review of the potential legal consequences, it would have resulted in a clear breach of an essential provision of his own terms of use.

Seen alone, there was little risk, but within the context of this business, we were able to avoid this. A trusted and qualified expert will help you navigate the complex commercial world.

Continue Reading

Compliance

Are You Protecting Your Customer’s Data?

A company’s privacy policy dictates what personal information is processed, and the manner in which such information is collected, stored, and shared.

Kyle Torrington

Published

on

POPI-Act-south-africa

The collection, usage and sharing of personal information is regulated primarily by the Protection of Personal Information Act 4 of 2013. The Act was recently promulgated and is yet to be implemented. The Act seeks to give expression to the right to privacy provided for in the Constitution.

At the time of writing, the primary enforcement arm contemplated by the Act, the Information Regulator, has yet to be appointed. Once appointed, all businesses will be required to register with the Information Regulator to make public what personal information is being collected, and what it is being used for.

The Information Regulator will be empowered to enforce compliance with the Act, and able to investigate whether an entity is lawfully processing the public’s personal information. 

Related: Protect Your SME From PoPI

How are privacy policies affected?

The Act defines the term ‘processing’ broadly, and includes “the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use of a person’s personal information”. To process a person’s personal information, the prior consent of the person (data subject) is needed.

Personal information includes email addresses, names, identity numbers, phone numbers, the race, gender, religion, marital status of a person, and if applicable, an entity such as a company, to name but a few. One of the purposes of a business’ privacy policy is to obtain such consent, by an indication that the privacy policy has been read and agreed to.

The primary purpose of a privacy policy is to set out in clear and concise terms what personal information is collected by the company, and exactly what the company will and will not do with that information. It should also set out whether personal information will be shared, and with whom.

The Act restricts a company’s ability to store personal information outside of the country by requiring that it be transferred only to countries in which comparable security laws and data protection measures exist.

A situation such as this arises more easily than expected. Consider the example of the humble contact form: Your website, with its local server situated in Midrand, utilises a plugin to create custom contact forms.

Although your server may be in Midrand, every person who completes the contact form on your website has their personal information transferred and stored on servers in the home jurisdiction of your plugin creator, which may be in the US. But the plugin creator may also make use of third-party service providers based in Vietnam. An in-depth investigation of all third-party plugins and processes of a website is therefore required to ensure that you comply with the Act.

Access by a data subject to personal information

A data subject is entitled to request a full disclosure of any personal information held by the company.

As the procedures governing access to personal information overlap, companies should also ensure compliance with the processes outlined by the Promotion of Access to Information Act 2 of 2000 (‘PAIA’).

Related: Five Tips for Effective Marketing that Complies with the POPI Act

In terms of PAIA, all companies are required to compile a manual that needs to be registered with the South African Human Rights Commission. This manual sets out the company’s contact information, what records are available for inspection, the identity of the leadership of the company, as well as the manner in which a person may request access to information held by the company.

However, the Minister of Justice and Correctional Services has exempted private bodies from complying with this requirement for a period of five years, starting from
1 January 2016.

To ensure compliance with all data protection, privacy, and access to information laws, a privacy policy and a PAIA manual will be required by every business.

Continue Reading

Trending

FREE E-BOOK: How to Build an Entrepreneurial Mindset

Sign up now for Entrepreneur's Daily Newsletters to Download​​