CATEGORIES
- (2)Account / Profile
- (498)Accounting
- (6)Audit
- (97)Auditing and Assurance
- (1)Business
- (3)Business Rescue & Business Valuations
- (31)CIPC
- (6)Compliance
- (4)Ethics and Professionalism
- (18)Financial Reporting
- (3)Guides
- (2)Law
- (35)Legal and Compliance
- (2)Management
- (12)Money Laundering
- (1)Personal & Professional Development
- (1)Practice Management
- (1)Professional Ethics
- (1)Public Sector
- (22)Regulatory Compliance and Legislation
- (9)Sustainability Reporting
- (19)Tax
- (1)Tax Update
- (1)Technology
- Show All
Information Regulator: Enforcement notice issued following Direct marketing complaint
- 01 March 2024
- Legal and Compliance
- South African Accounting Academy
The notice was issued to FT Rams Consulting — a training institution — after the Information Regulator found that it contravened various sections of the Protection of Personal Information Act (POPIA).
This comes after the regulator decided that a clause on marketing via telephone must be added to Section 69 of POPIA.
In a media statement on Tuesday, 27 February 2024, the Regulator received a complaint from a data subject (a person about whom the personal information relates) following countless direct marketing messages received by them. Regardless of the multiple attempts to opt out and requests to be removed from the company emailing list, FT Rams Consulting blatantly ignored the pleas from the data subject and continued to send them marketing messages on email.
Following its investigation, the regulator determined that FT Rams Consulting obstructed protecting the data subject’s personal information, thus breaching conditions for legally processing personal information. It also found that FT Rams Consulting had contravened section 69 of POPIA, which regulates direct marketing through electronic communications.
It had been instructed to stop sending unsolicited direct marketing messages by any means of electronic communication to which any data subject has not consented. FT Rams Consulting must ensure that the first communication they send to data subjects requests their consent, and it must only approach each data subject once for consent.
The regulator has ordered the company to provide evidence of its compliance with these orders to the Information Regulator.
It has 90 days to comply with the watchdog’s instructions, and non-compliance will result in a fine of up to R10 million or imprisonment for up to ten years.
Pansy Tlakula, chair at the Information Regulator, confirmed that their leniency regarding direct marketing through unsolicited electronic communications is going to be a thing of the past because responsible parties (public or private bodies) ignore the provisions of section 69 of POPIA and infringe on the rights of data subjects.
The watchdog found that the company hadn’t adhered to sections 69 (1) and (2), and subsequently several other sections of POPIA by:
- Directly marketing to the data subject without first obtaining their consent;
- Persistently sending direct marketing communications to the subject via email; and,
- Giving the subject the option to “Opt Out” but failing to cease communications when they did so.
Section 69 (1) of POPIA sets out that companies are prohibited from directly marketing to customers via any form of electronic communication without first obtaining their consent.
Section 69 (2) states that marketers can only request consent from a data subject once.
This means that the first message which FT Rams Consulting was supposed to send to the data subject was one in which it requested the data subject’s consent.
POPIA defines consent as voluntary, specific, and informed expression of will in terms of which permission is given for the processing of personal information.
If the data subject consented to receiving direct marketing messages, they also had to indicate the preferred means of communication which FT Rams Consulting could use to send direct marketing messages to them.
The watchdog said FT Rams Consultant failed to use the prescribed form to obtain written consent from the data subject.
The Information Regulator has also identified 14 other potential offenders on which it intends to issue enforcement notices.
Click here to download the Media Statement:
Relevance to Auditors, Independent Reviewers & Accountants:
- POPIA is an important piece of legislation that your clients must comply with, and which you must assess compliance with. If they don’t comply with the relevant laws and regulations, you have certain reporting obligations in terms of NOCLAR (NOn-Compliance with Laws And Regulations) – this could include reporting to management, qualifying your audit opinion, reporting a Reportable Irregularity, etc.
- As an auditor, independent reviewer and accountant, you also need to be aware of media statements, enforcement notices, etc. that have been issued by the Information Regulator and its Enforcement Committee.
Relevance to Your clients:
- An entity (company or close corporation) should to be aware of media statements, enforcement notices, etc. that have been issued by the Information Regulator and its Enforcement Committee.