The Information Regulator of South Africa has issued a stern warning to marketing companies and other groups who abuse the Protection of Personal Information Act (POPIA). It says it has received and concluded preliminary investigations on over 700 complaints from various data subjects since July 2021.

Most complaints received relate to direct marketing, which shows that many responsible parties are not complying with the sections of POPIA relating to unsolicited electronic communication and consent, justification, and objection.

At a recent media breakfast presentation, the regulator said it has received a notification from the National Credit Regulator regarding a report about entities engaging in the sale of personal information of consumers, such as:

• Names and surnames;
• Identity numbers;
• Contact numbers;
• Credit scores;
• Consumer debt review statuses.

“We are warning responsible parties that continue to trade in personal information that this is in violation of POPIA, and we will not tolerate it. We are sending an unequivocal message to players in the credit granting and direct marketing sectors of our economy: this must stop.”

The regulator said the country is experiencing an alarming rate of security compromises with over 330 reports of data breaches being recorded since POPIA became effective.

To address this, the regulator has decided to establish a dedicated unit to conduct extensive investigations and assessments into these security compromises and will issue reports with its findings and recommendations. These reports will be deemed to be enforcement notices, it said.