Is a credit profile listing update permission for unsolicited marketing?

**HR Solutions** · 27-Feb-14, 06:38 PM

If u do a self credit cheque - you can see who did a check on you ! That in itself is not right because they need your permission.

**Dave A** · 27-Feb-14, 07:58 PM

Originally posted by HR Solutions

That in itself is not right because they need your permission.

That's pretty much along the lines I was thinking.

Thing is, they're not really "looking up my credit profile" otherwise there wouldn't be the connection between the reported transaction and the unsolicited marketing call(s). They have to be plugged into a "credit profile update stream" of some sorts.

And I'm not a client, so it isn't a "keep track of updates on your clients" subscription service deal - this is a far more public data stream.

(Or should that rather be "data leak")

**sterne.law@gmail.com** · 27-Feb-14, 08:26 PM

The POPI bill is goinv to have a huge impact on this behaviour

**KimH** · 28-Feb-14, 06:17 AM

Originally posted by sterne.law@gmail.com

The POPI bill is goinv to have a huge impact on this behaviour

I certainly hope so!
At least 3 times a week I receive phone calls from either cellular or insurance telesales agents and it is driving me nuts!
My husband refuses to answer calls from blocked numbers, there are times where wish I could ignore a ringing phone!

**Dave A** · 28-Feb-14, 09:15 AM

Make that 3 phone calls from Altech Netstar.
Two yesterday morning, and one this morning

And the morning's not over yet

**Citizen X** · 28-Feb-14, 09:25 AM

Originally posted by Dave A

I've been contacted on my cellphone twice this morning by Altech Netstar, trying to sell me their vehicle tracking deal which apparently is on special for this week only.

The first time I listened to the deal. The second time around I was more interested in where they got my cellphone number from, as it's not exactly widely published.

Apparently they got it from a consumer credit database.

I've just renewed my cellphone contract.
It seems this pops up on a consumer credit database.
And this is where they got my cellphone number.

So is entering a transaction that results in a credit profile listing update constitute permission for unsolicited tele-marketing from 3rd parties?
Is this appropriate use of a consumer credit database?

The caller from Altech Netstar seemed to think so.

I'm not quite as convinced...

Morning Boss

,

Most certainly not! If I were in your position, I would feel exactly the same way!

There are various pieces of legislation that prohibit this. The newest one, however, is the PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013.

1. The long title reads as follows: To promote the protection of personal information processed by public and private bodies; to introduce certain conditions so as to establish minimum requirements for the processing of personal information; to provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000; to provide for the issuing of codes of conduct; to provide for the rights of persons regarding unsolicited electronic communications and automated decision making; to regulate the flow of personal information across the borders of the Republic; and to provide for matters connected therewith.

2. The preamble inter alia, states: RECOGNISING THAT- - regulate, in harmony with international standards, the processing of personal information by public and private bodies in a manner that gives effect to the right to privacy subject to justifiable limitations that are aimed at protecting other rights and important interests,

3. In this case you are classified as the date subject: “data subject” means the person to whom personal information relates;

4. “operator” means a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party;
5. Section 5 entitled ‘Rights of data subjects,’ reads as follows:
A data subject has the right to have his, her or its personal information processed in accordance with the conditions for the lawful processing of personal information as referred to in Chapter 3, including the right-
(a) to be notified that-
(i) personal information about him, her or it is being collected as provided for in terms of section
18; or
(ii) his, her or its personal information has been accessed or acquired by an unauthorised person as
provided for in terms of section 22;
(b) to establish whether a responsible party holds personal information of that data subject and to request
access to his, her or its personal information as provided for in terms of section 23;
(c) to request, where necessary, the correction, destruction or deletion of his, her or its personal
information as provided for in terms of section 24;
(d) to object, on reasonable grounds relating to his, her or its particular situation to the processing of his, her or its personal information as provided for in terms of section 11(3)(a);
(e) to object to the processing of his, her or its personal information-
(i) at any time for purposes of direct marketing in terms of section 11(3)(b); or
(ii) in terms of section 69(3)(c);
(f) not to have his, her or its personal information processed for purposes of direct marketing by means of unsolicited electronic communications except as referred to in section 69(1);
(g) not to be subject, under certain circumstances, to a decision which is based solely on the basis of the automated processing of his, her or its personal information intended to provide a profile of such person as provided for in terms of section 71;
(h) to submit a complaint to the Regulator regarding the alleged interference with the protection of the personal information of any data subject or to submit a complaint to the Regulator in respect of a determination of an adjudicator as provided for in terms of section 74; and
(i) to institute civil proceedings regarding the alleged interference with the protection of his, her or its personal information as provided for in section 99.

Section 27 reads as follows:

27. General authorisation concerning special personal information

(1) The prohibition on processing personal information, as referred to in section 26, does not apply if the-
(a) processing is carried out with the consent of a data subject referred to in section 26;
(b) processing is necessary for the establishment, exercise or defence of a right or obligation in law;
(c) processing is necessary to comply with an obligation of international public law;
(d) processing is for historical, statistical or research purposes to the extent that-
(i) the purpose serves a public interest and the processing is necessary for the purpose
concerned; or
(ii) it appears to be impossible or would involve a disproportionate effort to ask for consent, and sufficient guarantees are provided for to ensure that the processing does not adversely affect the individual privacy of the data subject to a disproportionate extent;
(e) information has deliberately been made public by the data subject; or
(f) provisions of sections 28 to 33 are, as the case may be, complied with.
(2) The Regulator may, subject to subsection (3), upon application by a responsible party and by notice in the Gazette, authorise a responsible party to process special personal information if such processing is in the public interest and appropriate safeguards have been put in place to protect the personal information of the data subject.
(3) The Regulator may impose reasonable conditions in respect of any authorisation granted under
subsection (2).

Is a credit profile listing update permission for unsolicited marketing?

Is a credit profile listing update permission for unsolicited marketing?

Comment

Comment

Comment

Comment

Comment

Comment