Electronic Marketing Specialist, Striata, is advising all digital marketers to familiarize themselves with the Protection of Personal Information Bill, specifically the additional obligations they will have to comply with should it become an Act. “The bill increases the marketers’ responsibility in terms of ensuring the privacy of any data they hold about an individual. They are obliged to take the appropriate technical and organisational measures to prevent loss, damage or unlawful access to this personal information,” explains Alison Treadaway, Director, Striata.
What is the Protection of Personal Information Bill?
The PPI Bill aims to promote the individual’s right to privacy by protecting personal information through regulations, standards and codes of conduct.
From an eMarketing standpoint, the Bill also establishes an individual’s rights regarding unsolicited electronic communications.
In short, the Bill protects individuals by placing certain obligations on organizations that collect, store, use, process or have access to personal information. The bill also aims to balance the right to privacy with the right of access to information.
The PPI Bill gives individuals control over their personal information held by a supplier. Data holders have to get consent directly from individuals or from a third party (with the individual’s consent) to hold and process their personal data. “The data holder must state the exact purpose for which the data is being gathered and use it for this purpose only. They must also ensure that all captured data is complete, accurate and updated,” advises Treadaway.
Many of these concepts have been practiced by local marketers for years, however, this Bill will promote these practices to law, and apply penalties for those who do not comply. In terms of their own personal information; the rights of the consumer has been clearly established , and the Bill provides official avenues for complaints.
In preparation, Treadaway says organisations and their service providers, who hold or process personal information, should initiate projects to address the following:
- The secure storage of data: companies need to address data security from both a technical and a physical perspective, taking both external and internal threats into account.
- Validity of data on record and formal processes to regularly update information.
- Review current practices that potentially contravene the terms of the Act. Companies should also assess how the required marketing results can be achieved within the boundaries of the Bill, should it become an Act.
“The impact when this Bill becomes legislation will be far reaching. Organisations that stall will be forced to implement complex organisational and technical changes within a finite grace period. It is therefore prudent that digital marketers understand the requirements now and initiate the necessary projects to ensure compliance.” concludes Treadaway.