On February 27, 2024, the Information Regulator (the Regulator) announced that it had issued an enforcement notice to FT Rams Consulting for a violation of the Protection of Personal Information Act (POPIA) following a direct marketing complaint.

Background to the decision

The Regulator explained that it had received a complaint from a data subject following direct marketing messages received from FT Rams Consulting. The Regulator noted that the complainant had attempted to opt out and had requested to be removed from the company's emailing list multiple times, but FT Rams Consulting ignored the requests and continued to send the marketing messages.

Findings of the Regulator

Following its assessment, the Regulator determined that FT Rams Consulting violated Section 69 of POPIA which regulates direct marketing through unsolicited electronic communications. In particular, the Regulator found that FT Rams Consulting had contravened Sections 69 (1) and (2) of POPIA and other Sections of POPIA by sending direct marketing communications without first obtaining consent. The Regulator clarified that although the data subject was provided with the option to opt out, there was still a contravention as processing for direct marketing is prohibited unless the data subject has first given their consent. Therefore, the first message that FT Rams Consulting was supposed to send to the data subject was one in which it requested consent.

Outcomes

The Regulator issued an enforcement notice which orders FT Rams Consulting to, among other things:

• stop sending unsolicited direct marketing messages through any electronic communication to data subjects who have not consented;
• ensure that the first communication sent is requesting consent and approach such data subjects only once to obtain consent;
• use the form prescribed by the Regulator for this purpose; and
• compile and maintain a database of all data subjects who had previously withheld or did not consent to receive unsolicited direct marketing messages and submit a design of such a database to the Regulator.

Notably, the Regulator confirmed that FT Rams Consulting must adhere to the instructions contained in the notice and demonstrate the same to the Regulator within 90 days of receipt, highlighting that non-compliance with the notice can, upon conviction, result in a fine of up to ZAR 10 million (approx. $518,734) or imprisonment for a period not exceeding 10 years, or both. Furthermore, Advocate Pansy Tlakula, Chairperson of the Regulator, noted that the Regulator is putting together a guidance note that will spell out the dos and don'ts of processing personal information for direct marketing employing unsolicited electronic communication.

You can read the announcement here.