How will POPI influence my ability to market my products?
As a business owner, you’ve probably heard a lot about the Protection of Personal Information (POPI) Act and the dangers it poses to your business.
The purpose of POPI is to protect the right to privacy when handling personal information. This right then needs to be balanced against other rights, for example, the right to access to information. In the marketing realm, direct marketing is most affected. Email and direct marketing campaigns cannot be carried out unless the recipients have given their consent to be contacted.
Not an end to direct marketing
Although at first glance it may seem that direct marketing is being phased out by this Act, this is not the case. Marketers will have to work a little harder to market their products or services, but the benefit is that they are ensured that those being contacted are actually interested in their offerings.
This allows for a more considered and focussed approach, rather than ‘spraying and praying’ offerings, hoping that they reach the right audience. As such, rather than putting an end to direct marketing, POPI regulates the practice and protects consumers.
Data retention limited
POPI requires that records of personal information not be retained for longer than is necessary for achieving the purpose for which the information was collected.
The exceptions to this rule are in instances where extended retention is authorised by law, the retention of information is lawfully required, a contract de8termines the term for which the information is required or the person whose information is being stored has consented to the retention of these records.
There are strict instructions as to how personal information records should be disposed of and the process to be utilised for the destruction of these records.
It is the responsibility of marketers to ensure compliance. In order to do this, marketers must make themselves aware of the requirements of the Act; in the event of an infringement it is important to note that, according to South African law, ignorance of the law is no defence.
Once they are aware of the requirements, marketers should review the processes that they utilise to gather, record, store, distribute and destroy personal information.
Parameters should be set up to ensure that personal information cannot be unlawfully accessed by third parties and that the records under the marketer’s control are sufficiently protected.