The Information Regulator on Tuesday put the skids on direct marketing messages with its first “Enforcement Notice” directed at FR Ram Consulting, a training institution.
The regulator said it issued the Enforcement Notice as a result of a direct marketing complaint.
The regulator acted on a complaint from a data subject (a person to whom the personal information relates) following countless direct marketing messages received by them.
Regardless of the multiple attempts to opt out and requests to be removed from the company emailing list, FR Ram Consulting blatantly ignored the pleas from the data subject and continued to send them marketing messages via email.
Following findings of the contravention to various sections of the Protection of Personal Information Act (POPIA), the regulator said it issued an Enforcement Notice to FR Ram Consulting.
In the Enforcement Notice, the regulator has ordered FR Ram Consulting, among other things, to immediately stop sending unsolicited direct marketing messages by means of any electronic communication, including telephone, fax, SMS, email, or automated calling machine, to any data subject who has not consented, including the complainant.
The regulator ordered that FR Ram Consulting must ensure that the first communication sent to data subjects is one in which it requests their consent and must approach such data subjects only once to obtain consent.
FR Ram Consulting was also instructed to use the form prescribed by the regulator for this purpose.
The regulator said the use of this form remains compulsory.
Johannesburg – The Information Regulator on Tuesday put the skids on direct marketing messages with its first “Enforcement Notice” directed at FR Ram Consulting, a training institution.
The regulator said it issued the Enforcement Notice as a result of a direct marketing complaint.
The regulator acted on a complaint from a data subject (a person to whom the personal information relates) following countless direct marketing messages received by them.
Regardless of the multiple attempts to opt out and requests to be removed from the company emailing list, FR Ram Consulting blatantly ignored the pleas from the data subject and continued to send them marketing messages via email.
Following findings of the contravention to various sections of the Protection of Personal Information Act (POPIA), the regulator said it issued an Enforcement Notice to FR Ram Consulting.
In the Enforcement Notice, the regulator has ordered FR Ram Consulting, among other things, to immediately stop sending unsolicited direct marketing messages by means of any electronic communication, including telephone, fax, SMS, email, or automated calling machine, to any data subject who has not consented, including the complainant.
The regulator ordered that FR Ram Consulting must ensure that the first communication sent to data subjects is one in which it requests their consent and must approach such data subjects only once to obtain consent.
FR Ram Consulting was also instructed to use the form prescribed by the regulator for this purpose.
The regulator said the use of this form remains compulsory.
“Furthermore, they must also ensure that they only send such a message to a data subject who had not previously withheld his or her consent,” the regulator said.
FS Ram Consulting was ordered to compile and maintain a database of all data subjects who had previously withheld or did not consent to receiving unsolicited direct marketing messages and submit a design of such a database to the Regulator.
FR Ram Consulting has also been ordered to provide an undertaking to the regulator regarding compliance with these orders.
Regarding breaches of the Protection of Personal Information Act (POPI Act or POPIA), the regulator said it determined that FR Ram Consulting interfered with the protection of personal information of the data subject.
This means FR Ram Consulting contravened the conditions for the lawful processing of personal information.
Furthermore, the regulator found that FR Ram Consulting also violated section 69 of POPIA which regulates direct marketing using unsolicited electronic communications.
“Our leniency regarding direct marketing through unsolicited electronic communications is going to be a thing of the past because responsible parties (public or private bodies) ignore the provisions of section 69 of POPIA and infringe on the rights of data subjects,” said Advocate Pansy Tlakula, Chairperson of the Information Regulator.
“In response to this, we are also putting together a guidance note which will clearly spell out the dos and don’ts of processing personal information for the purposes of direct marketing by means of unsolicited electronic communication,”
The regulator found that FR Ram Consulting had failed to adhere to POPIA and contravened sections 69 (1) and (2) in that the training institution transmitted to the data subject, without first obtaining their consent, persistent direct marketing communication through emails about the courses or webinars that it offered.
Although the data subject was provided with the option to “opt out”, this did not remedy the situation.
The regulator ordered FR Ram Consulting to adhere to the instructions contained in the Enforcement Notice and demonstrate such to the Regulator within 90 days of receipt of the notice.
Non-compliance with an Enforcement Notice was regarded as a contravention of the law and can upon conviction result in a fine of up to R10 million or imprisonment for a period not exceeding 10 years or to both such a fine and imprisonment.
POPIA do’s and don’ts
Section 69 (1) of POPIA states that the processing of personal information of a data subject for the purpose of direct marketing by means of any form of electronic communication is prohibited unless the data subject has given their consent to the processing.
Section 69 (2) clearly states that a responsible party may approach a data subject who had not previously withheld such consent only once to request the consent of that data subject.
POPIA defines consent as voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information.
This article was originally published by TheBulrushes. It is republished by TechFinancials under a Creative Commons Attribution-NoDerivatives 4.0 International Licence. Read the original article