Reasonably practicable compliance with POPI is not enough

When considering how much you should do to comply with legislation like the Protection of Personal Information Act, you have three choices: Do as little as possible and see what you can get away with; Calculate the degree of “reasonably practicable” compliance required and stick with that; Adopt a more holistic approach to compliance. OfContinue reading “Reasonably practicable compliance with POPI is not enough”

POPI compliance and your plan to fail

Unfortunately many companies may have left their preparation too late, especially the larger companies, and have not yet established a complete set of practices and processes to ensure their compliance with POPI’s many requirements. Although companies will likely have a year before many of POPI’s compliance requirements go into effect, a year is simply not enough time to prepare adequately. Compliance isn’t just a matter of writing a privacy policy and publishing that. In order to comply with POPI, organisations have to ensure that all their underlying processes are aligned with POPI’s requirements. In this sense a privacy policy is really more of a description of a series of data protection practices which have been implemented throughout the organisation. If there is a disconnect between your organisation’s practices and processes and what the privacy policy describes, the consents you are hoping to obtain through the privacy policy will amount to little more than lip service to the legislative framework it serves.

Consent for Direct Marketing Under POPI

The Protection of Personal Information Act has particular interest for direct marketers because of the likely substantial impact the legislation will have on consumer-facing initiatives when it goes into effect. POPI has a section that deals specifically with and introduces a consent model designed for direct marketing. It is an interesting model and I’ll explain why in this post.

The Path to the spam Dark Side is paved with lawyers’ wishful thinking

Planning for the Protection of Personal Information Act is not a small endeavour and taking shortcuts to preserve current business models may turn out to be disastrously short-sighted in the year or two ahead. My colleagues may be correct in their approach and their clients may be able to adopt a relatively liberal interpretation of the Protection of Personal Information Act and its implementation. I have a different take on how the Act will apply, especially given its broader role as substance for the Constitutional right to privacy. Going beyond the Act’s interpretation and application by the proposed Regulator and Courts, the risk of being too careless with consumers’ personal information could have even more dire consequences for brands than legal non-compliance. 

Processing, personal information and direct marketing under POPI

Consent, while critical, just scratches the surface of the Protection of Personal Information Bill. There is a lot more to the anticipated Protection of Personal Information Act and, in this post, I’d like to give you an overview of two further important terms used in the Protection of Personal Information Bill, namely “personal information” and “processing”.

POPI compliance is a steep, uphill climb for direct marketers

The Protection of Personal Information Act is going to have a radical impact on the direct marketing industry and a number of direct marketing businesses are going to shut down because they won’t be able to adapt and remain viable, especially if they don’t take action right away. If you don’t have a direct marketing business that is already based on a truly consensual business model (bearing in mind the consent model in the Protection of Personal Information Bill), you simply can’t afford to waste any more time.

Is WhatsApp violating your privacy rights?

Background The popular mobile and multi-platform messaging service, WhatsApp, was investigated recently by the Office of the Privacy Commissioner of Canada and the Dutch Data Protection Authority for apparent violations of Canadian and Dutch privacy laws. The investigation found a number of violations and the Canadian Privacy Commissioner released an update on 28 January 2013Continue reading “Is WhatsApp violating your privacy rights?”

An introduction to the Protection of Personal Information Act

The Protection of Personal Information Bill is currently making its way through Parliament and is expected to be passed into law before the end of 2012. At that point it will become the Protection of Personal Information Act. This post is a brief introduction to POPI and part of an ebook about this law PaulContinue reading “An introduction to the Protection of Personal Information Act”

First National Bank and its marketing consent problem

Innovative bank, FNB, has a consent problem. Jason Elk published a blog post over the weekend titled “FNB, what on earth are you doing to your customers?” in which he took issue with a consent mechanism FNB has been making use of or some time now. Essentially, this consent mechanism requires that customers agree toContinue reading “First National Bank and its marketing consent problem”

Tension in the direct marketing industry over opt-in requirements

The Consumer Protection Act sparked quite a bit of interest in direct marketing and consumers’ rights to opt-out of receiving direct marketing communications. It has also highlighted a tension between direct marketers and consumer orientated initiatives to protect and enhance consumer rights. Some of these initiatives have been undertaken by two industry bodies, the InternetContinue reading “Tension in the direct marketing industry over opt-in requirements”