POPI makes dramatic impact on direct marketing

Aug 9, 2018 | Features

POPI did not result from homegrown considerations. It was enacted to bring South Africa in line with the existing international legislation.

Getting a list of names and calling or emailing them to canvass for potential clients has been standard practice with estate agents for ages. This type of direct marketing will become taboo once the Protection of Personal Information (POPI) act becomes law unless these people gave prior consent thereto explains Anastasia Haji-Pavlou, director with legal firm Smith Tabata Buchanan Boyes.

The Protection of Personal Information Act (POPI) is a huge piece of legislation. This legislation impacts on the industry in which estate agents provide services to the man on the street, whether as buyer; seller; landlord or tenant.

POPI was signed into law by then president Jacob Zuma in November 2013, although the exact date for its coming into operation has not yet been determined.

POPI did not result from homegrown considerations. It was enacted to bring South Africa in line with the existing international legislation. In a nutshell, POPI is designed to manage the collection, recording, use and storage deletion of a person’s personal details and applies to any “responsible party” working with the personal information. It is therefore clear that the intention herein is that the real estate company, as well as the individual agent be a “responsible party” as POPI will apply to most organizations in SA and their representatives and agents when they process the personal information.

Specific consent is the golden word. Where a client’s consent has been obtained to collect; use and store for a specific purpose the information, a business may use that information.

So will estate agents be able to canvass potential clients telephonically using data from companies like Lightstone? Do these property solution companies have permission to pass on data to 3rd parties like estate agents?

The short answer is no, unless there is prior consent from these parties that their information may be used for such purposes. As part of its protection of an individual’s privacy, the Act also includes measures dealing with direct marketing by ways of ‘unsolicited communications’. It aims to prevent companies from using the information they have of individuals for marketing purposes, if the relevant individual did not give consent thereto.

An individual’s details may also not be given to anyone else for marketing purposes, if the individual did not specifically consent thereto. Section 66 of the Act determines that a private or public body that has personal details of an individual may not use that information to send direct electronic marketing to that person (be it by way of automatic calling machine, emails, SMS or fax), unless the individual has given his or her consent or if the recipient is a customer of the business. The recipient is a customer of the business. The direct marketing must in each instance still offer the recipient an opportunity to opt out of receiving further information. The keywords therefore are consent and opt-out.

In this regard, POPI makes dramatic impact on direct marketing. Previously you were allowed to send unsolicited emails provided there was an opt-out option. Now the sending of unsolicited emails to names on your database who have not beforehand opted in (or consented thereto) will not be allowed.

Having consideration to the above, let Haji-Pavlou highlights where your agencies and personal administration of matters will require POPI compliance:

Your agency must have IT systems that are compliant with POPI. There must be safeguards with regards to collection and storage of data on computer systems. Systems must be secured against hacking. Employees with laptops and cell phones must sign undertakings in which they acknowledge their responsibility with regards to protecting the information stored thereon.

Employees must sign a code of conduct advising that they are aware of their duties under POPI and that they will not disclose client’s information to others, unless there is consent.

The Information Regulator was appointed in October 2016 with effect from 1 December 2016 to monitor and enforce compliance with the provisions of the Promotion of Access to Information Act and POPI. Time is running out to ensure that real estate agencies are in a position to comply with the requirements of POPI. Haji-Pavlou recommends that agents and their agencies empower themselves with the necessary knowledge in order to become POPI compliant.

Also read: POPI: Are you prepared?

Email your comments or stories to be considered for publication to editor@propertyprofessional.co.za.