South Africans will have to wait a bit longer before they can tell marketers to stop calling, SMSing and e-mailing them, as a much-needed national opt-out register has yet to be set up.
In addition, it will be quite some time before consumers' data is better protected by a pending law, which seems to be languishing in the parliamentary process.
On Friday, the Consumer Protection Act (CPA) came into effect. It makes marketers give consumers the choice to opt out from all direct communication. It will also force firms to disclose the source of personal information.
However, consumers can't currently opt out of all direct communications in one fell swoop by signing up with a national register, because the database has not been set up.
Under the CPA, the Department of Trade and Industry (DTI) must facilitate a national register to allow consumers to opt-out from all marketing contact - but no one knows when the registry will be created.
Meanwhile, consumers will have to say no to each individual marketer that bombards them with spam.
In addition, there have been several delays in promulgating the Protection of Personal Information (PPI) Act. This means companies are free to sell people's personal contact information without having to comply with any checks and balances. Currently, selling people's names and contact details is legal.
Don't call me
Although list vendors can still tout contact details, consumers can now tell marketers to stop contacting them. Thanks to the CPA, an end to unwanted calls, SMSes and e-mails from marketers is in sight. If they don't stop the spam, they can be fined 10% of turnover, or R1 million.
Warren Moss, MD of Demographica, says marketers will have to cross-reference their databases against a national opt-out registry. They can't contact people who have signed up on the database, as it's a violation of the CPA.
However, there is no clarity from the DTI as to how this list will be administered. Currently, consumers can join a national opt-out register administered by the Direct Marketing Association (DMA). Access to this list is restricted to the DMA's 340-odd members.
Moss says many call centres claim to have gained people's information from a “national consumer database”. However, he points out: “There's no such thing as a national consumer database... it's used as an excuse.”
DMA CEO Brian Mdluli says the association is still waiting for clarity from the DTI as to where the register will be held, and who will administer it. The CPA falls under the DTI's jurisdiction.
The DMA cannot open up its list to every direct marketing company in the country as “I may as well put it up on a Web site and then all the 419 guys can get the data”. However, the DMA is home to about 95% of South African marketers, Mdluli adds.
Pieter Streicher, MD of BulkSMS.com, pointed out in a blog this week that the development of the registry had only recently gone out to tender. He expects the database to be ready in a year or two.
Better protection?
The PPI aims to protect consumers' personal information, such as contact details, address information and identity numbers. A promulgation date has yet to be announced.
The pending law lays down strict criteria for how firms can use people's personal information. Data must be kept secure, and only used for a specific purpose. It will work in tandem with the CPA, which came into effect on Friday.
List vendors that sell people's information for marketing purposes must comply with the PPI, or face heavy penalties. In addition, companies bust buying contact lists from non-complaint vendors will violate the law, and also run the risk of jail time or fines.
This weekend, ITWeb received an e-mail offering South African e-mail addresses for sale. For R499, 20 000 e-mail addresses can be bought, and for R1 799, the “company” promises to provide a million local e-mail addresses.
The mail, from an anonymous Gmail address, promises a high rate of response from the e-mails on its database. It includes the seller's contact number, but does not seem to originate from a bona fide company.
Dirty data
Moss says contact information being touted by list vendors is often suspect as not all vendors verify their data.
Companies are “all buying from the same pool of dirty data,” says Moss. When the PPI comes into effect, companies caught buying lists that don't comply with the PPI face “huge fines”, notes Moss. This will deter firms from buying suspect lists, and better protect consumers' information.
Under the PPI, people who infringe the Act face a year behind bars, or a fine that has yet to be determined.
The PPI places stringent requirements on list vendors. Data must be fairly and lawfully obtained, only used for a specific purpose, and kept secure, explains Moss. He adds that companies that store consumers' data must provide people with all the information they have on record about them.
These requirements will be costly to implement as they will require IT investments, and are so onerous that suspect list vendors will be forced to shut down. The PPI, says Moss, will “weed out the one-man-bands”.
Moss says the sector is worth about R1 billion a year, and is dominated by 10 large players. However, the PPI's onerous requirements will see smaller companies shut down, wiping out about R400 million revenue in today's terms, he explains.
The irony is that information selling is on the up as vendors try and sell their lists as many times as possible before the PPI Act comes into effect, notes Moss. He says the industry will start growing again after the PPI when companies see the need for accurate data.
However, adds Moss, the new legislation won't cut down on identity theft because most ID theft is at a low level, as people's information is stolen through petty crime such as card-skimming at restaurants.
Mdluli says the association encourages its members to have their data audited now so they comply with the PPI when it comes into effect. He says the PPI is welcome as the DMA is worried that “people are selling lists on Gumtree”.
The biggest problem at the moment is that big brands are buying data that has not been audited, says Mdluli. “You won't battle to flog [data] if someone is willing to buy it.” However, when the PPI comes into effect, current lists will also have to go through the audit process.
Share