Though the regulator has not formally ruled on the complaints received thus far related to Popia, regulator member advocate Lebogang Stroom-Nzama said the trend was that the offending parties, such as direct marketers, would desist once a complaint was lodged. In the meantime, the regulator is making overall assessments of such offenders to find an overall remedy instead of only resolving individual cases.
“Popia is new and we have been patient but that is coming to an end,” said Tlakula.
“We have to begin exercising our powers.”
Entities selling consumers’ personal information, especially in the credit granting and direct marketing industries, are also in the regulator’s crosshairs.
“We say to those who offer to sell these lists and those who buy them, do not allow yourself to be the first example of the regulator’s bite,” said Tlakula.
The regulator can also assess data breaches, such as the theft of consumers’ details from company databases. It has received more than 330 reports of such breaches in the past year, but these specialist investigations can be technical and expensive and have an impact on the regulator’s R100m budget, said advocate Collen Weapond, another regulator member.