Training interventions company faces hefty fine after POPIA breach

A training interventions company could face a fine of R10 million after contravening sections of the Protection of Personal Information Act (POPIA).

A training interventions company could face a fine of R10 million after contravening sections of the Protection of Personal Information Act (POPIA).

Published Feb 29, 2024

Share

In what could be precedent-setting, a training interventions company could face a fine of R10 million after contravening sections of the Protection of Personal Information Act (POPIA).

The Information Regulator said they issued their first Enforcement Notice against the company for harassing a data subject with direct marketing messages despite opting out of receiving such information.

After issuing the notice to FT Rams Consulting, the regulator said the action comes at a time “when the public is highly frustrated with the influx of direct marketing messages”.

The notice was issued following findings of the contravention to various sections of POPIA.

The company indicated they are seeking legal advice.

“The Regulator received a complaint from a data subject (a person about whom the personal information relates) following countless direct marketing messages received by them.

Regardless of the multiple attempts to opt out and requests to be removed from the company emailing list, FT Rams Consulting blatantly ignored the pleas from the data subject and continued to send them marketing messages on email. The Regulator determined that FT Rams Consulting interfered with the protection of personal information of the data subject, and thus breached the conditions for the lawful processing of personal information,” the regulator said in a statement.

Furthermore, the regulator found that FT Rams Consulting also violated section 69 of POPIA which regulates direct marketing by means of unsolicited electronic communications.

Regulator chairperson, advocate Pansy Tlakula, said: “Our leniency regarding direct marketing through unsolicited electronic communications is going to be a thing of the past because responsible parties (public or private bodies) ignore the provisions of section 69 of POPIA and infringe on the rights of data subjects.

“In response to this, we are also putting together a guidance note which will clearly spell out the dos and don’ts of processing personal information for the purposes of direct marketing by means of unsolicited electronic communication.”

The regulator found that FT Rams Consulting had failed to adhere to POPIA and contravened sections 69 (1) and (2) and subsequently other sections of POPIA by transmitting to the data subject, without first obtaining their consent, persistent direct marketing communications through emails pertaining to the courses or webinars which it offered.

Although the data subject was provided with the option to “opt out”, this did not remedy the situation. They have been ordered to stop sending any further communication to the data subject.

Failing to comply with the notice, the company could face a fine of up to R10 million or imprisonment for a period not exceeding ten (10) years or to both such a fine and imprisonment.

An FT Rams employee, who did not want to be named, declined to comment when contacted. “We are still seeking legal advice on the matter and are not in a position to comment at this stage,” the employee said.

Law expert Nthabiseng Dubazane said the matter could be precedent-setting.

“Should they not comply with the notice, the regulator is at its own discretion to decide how they will penalise the company... It will be interesting to see how they choose to penalise the company as the regulator can decide to have the matter referred to court or for it to be finalised in its own department,” said Dubazane.

Cape Times

Related Topics:

cape townlaw