Subscribe
About

Getting into the swing of POPI

By Dr Pieter Streicher, managing director of BulkSMS.com.

Pieter Streicher
By Pieter Streicher, co-founder of BulkSMS.com
Johannesburg, 09 May 2013
Dr Pieter Streicher, managing director of BulkSMS.com
Dr Pieter Streicher, managing director of BulkSMS.com

Keeping track of the latest version of impending legislation as it makes its way through the South African parliamentary system can be a nigh-on impossible task. So prepping your business for upcoming law - such as the Protection of Personal Information (POPI) Bill - can be a challenging and stop-start affair.

Over the last few weeks, we've received further clarity on POPI and its key definitions, allowing businesses to confidently start laying the foundations for regulatory compliance in continuing to market to their customers and prospects via electronic communication channels.

POPI refers to how companies collect and store consumers' personal information, and then, crucially, how companies can use this information to market to consumers. The good news is that it is a relatively simple matter to ensure your existing customer database is compliant and that any future details you collect are legal, says Dr Pieter Streicher, managing director of BulkSMS.com.

Key to understanding POPI is Section 69 of the Bill, which deals with unsolicited commercial communications and direct marketing - which we'll unpack in a bit more detail here.

Which communication channels are affected?

In line with international best practice, POPI applies to electronic communications that involve a level of automation, storage and forwarding. This means SMS and e-mail are included in POPI's definition of electronic communications, but regular person-to-person (P2P) telephone calls are not. This is pertinent, because it recognises that the automation of communication is one of the main reasons why spam has become such an issue and needs to be managed via legislation. The point to take home here is that direct marketing via a P2P telephone call is handled on an opt-out basis, while all other electronic communications must be opted into by a consumer.

Customer and prospect opt-in are handled differently

The Bill makes a distinction between how existing customers and prospects' personal data is handled in respect to opt-in to receive direct marketing communications. A business' existing customers need only to have given inferred consent to be sent direct marketing via electronic channels, while prospective customers (that is non-customers) need to have given express consent before receiving the same communications.

Getting inferred consent from customers

Inferred consent means you have informed your customer how you will be using their personal details when you collected them. In addition, you need to give them the opportunity to opt out of marketing communication at this point.

Customers should also be given the opportunity to opt out of marketing communications on each subsequent communication you send to them. The opt-out instructions need to be clear, and the process must be free of charge and not bogged down in unnecessary formality.

If you have not done this yet, you can relatively easily get your customer database compliant with POPI. The key is to get consent at the point when you collect the customer data, which is not necessarily at the point of sale. By running a campaign to update your customers' details, you should, at the same time, inform your customers that you will be marketing to them and give them the opportunity to opt out. This process will make your database POPI compliant.

Getting express consent from non-customers

POPI is the first regulation in South Africa to define express consent for non-customers in order to market to them directly via electronic channels. This means consumers must agree to their personal information being processed and used for direct marketing. In terms of POPI, consent needs to be specific, voluntary and informed. In other words, at the point when a non-customer is engaged, the following should be asked: "Would you like to receive regular marketing communications from company A? Answer: YES or NO".

However, ensuring existing non-customer databases are retrospectively made compliant needs to be handled with kid gloves. If you can prove the database has been acquired legally, you are free to contact the consumers and ask for their permission to market to them - but you can only do this once.

While there are additional technicalities around the wording of opt-out messages and related charges, the above guidelines will ensure your databases are POPI compliant.

It is expected that POPI will be passed into law within the next six months, at which time it will be specified how long companies will have to comply with the handling of personal information when using electronic communications to market to existing and prospective customers.

Share

BulkSMS.com

BulkSMS.com is a division of Celerity Systems and was founded in 2000 along with its parent company. Its founders first began using SMS in 1997 to send weather updates to clients, but soon realised the service had broader applications for business communications.

Today, BulkSMS.com is a leading SMS messaging service provider offering two-way messaging via a versatile portfolio of Web, application and API products. Thousands of users locally and across the globe have adopted the service, which now connects to over 800 GSM networks in 180 countries.

Editorial contacts

Jeannie Erasmus
Red Ribbon Communications
jeannie@redribboncommunications.co.za
Dr Pieter Streicher
BulkSMS.com
(021) 552 6321