News

South Africa’s Information Regulator acts against FT Rams over privacy law breach

South Africa’s data privacy enforcer, the Information Regulator of South Africa has issued the first enforcement notice as a result of a direct marketing complaint.

This comes at a time when the public is highly frustrated with the influx of direct marketing messages and calls.

Advocate Pansy Tlakula, chairperson of the regulator said they issued an Enforcement Notice to FT Rams Consulting, a training institution business, after findings it contravened “various sections of the Protection of Personal Information Act (POPIA)”.

Advertisement

“The regulator received a complaint from a data subject (a person about whom the personal information relates) following countless direct marketing messages received by them.

“Regardless of the multiple attempts to opt out and requests to be removed from the company emailing list, FT Rams Consulting blatantly ignored the pleas from the data subject and continued to send them marketing messages on email,” Tlakula said.

ALSO READ: Information regulator slaps DoJ with R5m fine for contravening privacy act

Advertisement

Interference

Tlakula said the regulator determined that FT Rams Consulting interfered with the protection of personal information of the data subject, and thus breached the conditions for the lawful processing of personal information.

“Our leniency regarding direct marketing through unsolicited electronic communications is going to be a thing of the past because responsible parties (public or private bodies) ignore the provisions of section 69 of POPIA and infringe on the rights of data subjects.

“In response to this, we are also putting together a guidance note which will clearly spell out the dos and don’ts of processing personal information for the purposes of direct marketing by means of unsolicited electronic communication,” said Tlakula.

Advertisement

Adherence

Tlakula said the regulator found that FT Rams Consulting had failed to adhere to POPIA and contravened sections 69 (1) and (2) and subsequently other sections of POPIA by transmitting to the individual, without first obtaining their consent, persistent direct marketing communications through emails pertaining to the courses or webinars which it offered.

“Furthermore, that although the data subject was provided with the option to ‘opt out,’ this did not remedy the situation. Section 69 (1) of POPIA states the processing of personal information of a data subject for the purpose of direct marketing by means of any form of electronic communication is prohibited unless the data subject has given their consent to the processing.”

Enforcement notice

According to the regulator, in the enforcement notice issued to FT Rams Consulting, the company has been ordered, among other things, to immediately stop sending unsolicited direct marketing messages by means of any electronic communication, including telephone, fax, SMS, e-mail or automated calling machine, to any data subject who has not consented, including the complainant.

Advertisement

“The company must also ensure the first communication sent to data subjects is one in which FT Rams Consulting requests their consent and must approach such data subjects only once to obtain consent.

“FT Rams Consulting must use the form prescribed by the regulator for this purpose. The use of this form is compulsory. Furthermore, they must also ensure they only send such a message to a data subject who had not previously withheld his or her consent. FT Rams Consulting has been ordered to provide an undertaking to the regulator regarding compliance with these orders.” Tlakula said.

Deadline

The regulator also ordered FT Rams Consulting to compile and maintain a database of all individuals who had previously withheld, or did not consent to receiving unsolicited direct marketing messages, and submit a design of such a database to the regulator.

Advertisement

“This will ensure the data subjects on the database are not contacted again. FT Rams Consulting is ordered to adhere to the instructions contained in the enforcement notice and demonstrate such to the regulator within 90 days of receipt of the notice,” Tlakula said.

FT Rams Consulting told The Citizen that they could not currently comment on the enforcement notice by the regulator until they have studied it in detail. The individual said they would provide a response in due course.

ALSO READ: Was South Africans’ personal information during Covid protected?

For more news your way

Download our app and read this and other great stories on the move. Available for Android and iOS.

Published by
By Faizel Patel
Read more on these topics: Businessmarketprivacy