The Protection of Personal Information Act is not yet in full effect, which is why political parties, marketers and scammers are still able to buy lists, says the writer.

The Protection of Personal Information Act is not yet in full effect, which is why political parties, marketers and scammers are still able to buy lists. And we’re literally giving away our personal information

At municipal election time, I don’t particularly care for the posters and billboards punting the governing party – because they’re governing, not ruling, to be clear – nor those of the opposition. The mug shots that litter every lamp post, the slogans and empty promises.

It’s all noise around the real issues. Not everyone’s open to persuasion – some might be undecided, but people are not ignorant.

In my neighbourhood, the Joburg Roads Agency has omitted to fix a stormwater drain on a major route for more than 10 years and my ward councillor has either been blind to it or tried to get it attended to.

I reported it months ago via Twitter; they thanked me, but it’s still the same. Street lights and traffic lights are out of order for weeks at a time; infrastructure is not maintained and when it fails, it’s catastrophic.

These might be middle-class problems but we all have our limits and it doesn’t sit well when we see politicians flouting their taxpayer-subsided luxuries.

I’m particularly annoyed about being spammed by political parties trying to solicit my vote. It’s intrusive. Which got me wondering: Just how exactly do they get access to our personal information?

Party representatives have fobbed off complaints about the spamming, because their message needs to be put out there – fair enough, but not everyone’s happy to receive phone calls or SMSes.

The Protection of Personal Information Act (Popi) might have been signed into law in 2013 but it is not in full force so direct marketers, political parties, spammers and others are able to buy lists for their own purposes.

The DA’s campaign manager Jonathan Moakes admitted they bought lists to market directly to voters and felt such marketing was reasonable.

And the DA’s not the only guilty party: the ANC is doing it too.

I asked Joel Pandaro of BKM Attorneys about it and he told me: “This type of unsolicited direct marketing can be considered unlawful according to the following statutes: Popi, the Electronic Communications and Transactions Act (Ecta) and the Consumer Protection Act (CPA).

"Section 69 of Popi prohibits any form of electronic communication, including automatic calling machines, fax machines, SMSes or e-mail for direct marketing purposes unless consent has been given or the receiver is already a customer of the party responsible."

Consent is key because it must be requested in a “prescribed manner and form”.

For companies to market directly to their existing customers, they would need to obtain their personal details through the sale of a product or service and give the customer a “reasonable opportunity to object, free of charge and in a manner free of unnecessary formality”.

Pandaro said: “While the DA's (and ANC’s) actions are in direct contravention to Section 69 of Popi, only a few, limited sections of Popi have come into effect. No regulations to Popi have been promulgated as yet.

“It is uncertain when Popi will come into full force and effect though the commencement date could be announced by the president after the appointment of the information regulator, which is expected to be on August 16. It is therefore anticipated that the Popi commencement date will be towards the end of this year.”

Then there’s the year's grace period to allow companies to comply with the act.

Section 45 of Ecta deals with unsolicited goods, services or communications, and requires that any person who sends “unsolicited commercial communications to consumers” must provide the option to opt out of the mailing list and be able to provide details of the source from which the personal information was obtained.

The CPA gives every person the right to privacy and protects against unwanted communication.

“After considering some of the SMSes sent by the DA (and ANC), it is apparent that there is no readily ascertainable method to opt out.

“The penalties prescribed by Ecta in section 89 (1) includes a fine or imprisonment for a period not exceeding 12 months,” Pandaro said.

“However, there is an argument to be made by the DA (and ANC), that section 45 of Ecta refers specifically to ‘unsolicited commercial communications’."

It appears as if communications must therefore have a commercial quality to be subject to Ecta’s requirements.

“Section 11 of the CPA also refers to approaches or communications for ‘direct marketing’ purposes. The CPA seems to require some form of commercial rationale for the messaging in order for its privacy protections to apply.

“On the other hand, a compelling argument could be made that the general right to privacy in the Bill of Rights, which is the underlying legal basis for Ecta’s and the CPA’s provisions, requires that to adequately protect citizens’ right to privacy, they should be afforded an opportunity to opt out of receiving party political messages like these.”

Ultimately, there’s no real harm in these party political messages, but for the public there is a danger that their information could be used by scammers.

A reader, who prefers not to be named, contacted me recently about calls that she had been receiving from “Windows Support” instructing her to go to her computer immediately because they had received reports that her computer was downloading data that would corrupt it.

When she told them she had her technical adviser there and was going to hand the phone over to him, they hung up.

The number they provided was 010 100 3922. If you phone it, they’ll tell you to hang up as they’ll call you back.

She realised it was a scam and gave them nothing. But people who are not computer-savvy could be taken in.

So, where are companies, political parties and scammers getting our personal information?

Mostly from consumers themselves: we’re giving away too much personal information and oversharing our numbers. How often have you filled out a form – competition entries, services, rewards programmes or loyalty cards – and provided your number?

Do you read the terms and conditions when you use social media, fill in surveys or download an app? Do you allow apps to look at your phone’s contact list or “like” things on Facebook?

The internet has made it easy – and extremely lucrative – for data-mining companies to scrape together and aggregate personal information and behavioural data.

What you share online and sign up for can determine how much – or how little – you’re being watched. Surveillance is real. Privacy is a myth.


Wise up - here's how

Read the Ts & Cs: Too often, the only terms and conditions we read are the seemingly “important ones” that have the potential to ensnare us forever or cost us a lot, but every contract you sign should be read thoroughly.

How to opt out: The Direct Marketing Association of Southern Africa has a national opt-out database but the catch is that this only applies to its own members. If you sign up, you can ensure that your address, e-mail address and phone numbers are not available to DMA members. To register, visit

Go to the source: You can also contact companies directly, so if you don't want to be notified about the latest promotion at a retailer, a special at a beautician or the pizzeria down the road, send them an SMS to stop. You'll be charged for that SMS so you might want to ignore the messages.