Reasonably practicable compliance with POPI is not enough

When considering how much you should do to comply with legislation like the Protection of Personal Information Act, you have three choices: Do as little as possible and see what you can get away with; Calculate the degree of “reasonably practicable” compliance required and stick with that; Adopt a more holistic approach to compliance. OfContinue reading “Reasonably practicable compliance with POPI is not enough”

POPI compliance and your plan to fail

Unfortunately many companies may have left their preparation too late, especially the larger companies, and have not yet established a complete set of practices and processes to ensure their compliance with POPI’s many requirements. Although companies will likely have a year before many of POPI’s compliance requirements go into effect, a year is simply not enough time to prepare adequately. Compliance isn’t just a matter of writing a privacy policy and publishing that. In order to comply with POPI, organisations have to ensure that all their underlying processes are aligned with POPI’s requirements. In this sense a privacy policy is really more of a description of a series of data protection practices which have been implemented throughout the organisation. If there is a disconnect between your organisation’s practices and processes and what the privacy policy describes, the consents you are hoping to obtain through the privacy policy will amount to little more than lip service to the legislative framework it serves.

PPC Lead Generation’s Privacy Risks

PPC lead generation is a search-based lead generation technique which leverages search terms to surface (preferably) relevant ads in search results. When you click on those ads you are often taken to landing pages where you have the option of submitting your details to a company so it can get in touch with you about its products and services. It’s a pretty smart marketing option because it begins with the premise that you are searching for what the company offers. It is also a potentially risky proposition for brands that fail to implement adequate privacy protections.

Consent for Direct Marketing Under POPI

The Protection of Personal Information Act has particular interest for direct marketers because of the likely substantial impact the legislation will have on consumer-facing initiatives when it goes into effect. POPI has a section that deals specifically with and introduces a consent model designed for direct marketing. It is an interesting model and I’ll explain why in this post.

Introducing POPI’s processing conditions

There is a lot more to the anticipated Protection of Personal Information Act and, in this post, I’d like to introduce you to what are known as “Conditions for lawful processing of personal information”. These conditions effectively operate as processing parameters and will have a relatively subtle but substantial impact on direct marketing because they limit the scope of what personal information can be processed and for how long.

Processing, personal information and direct marketing under POPI

Consent, while critical, just scratches the surface of the Protection of Personal Information Bill. There is a lot more to the anticipated Protection of Personal Information Act and, in this post, I’d like to give you an overview of two further important terms used in the Protection of Personal Information Bill, namely “personal information” and “processing”.

POPI compliance is a steep, uphill climb for direct marketers

The Protection of Personal Information Act is going to have a radical impact on the direct marketing industry and a number of direct marketing businesses are going to shut down because they won’t be able to adapt and remain viable, especially if they don’t take action right away. If you don’t have a direct marketing business that is already based on a truly consensual business model (bearing in mind the consent model in the Protection of Personal Information Bill), you simply can’t afford to waste any more time.

Extracts from a discussion about privacy and the Protection of Personal Information Bill

This is a partial recording from Marketing Mix‘s Permission Based Marketing Conference in Cape Town on 2012-06-01 where I was a panelist speaking about privacy and the Protection of Personal Information Bill. I recorded part of my contribution to the discussion and this recording covers the nature of privacy from the perspective of the BillContinue reading “Extracts from a discussion about privacy and the Protection of Personal Information Bill”

Tension in the direct marketing industry over opt-in requirements

The Consumer Protection Act sparked quite a bit of interest in direct marketing and consumers’ rights to opt-out of receiving direct marketing communications. It has also highlighted a tension between direct marketers and consumer orientated initiatives to protect and enhance consumer rights. Some of these initiatives have been undertaken by two industry bodies, the InternetContinue reading “Tension in the direct marketing industry over opt-in requirements”