The same is true of the nature of the data that is collected or stored. For example, a business that captures just the name and contact details of people with whom it has one-off dealings (like a security firm logging visitors at the entrance to a gated community) has an equal responsibility to protect and appropriately use that data as a large financial or other corporate that regularly collects information on customer behaviour.
Ultimately, the accountability of all these businesses that capture or handle consumer data can be distilled down to two main responsibilities - to do everything in their power to keep the personal information they gather secure, and then to only use it for the purpose for which it was captured, or for which the customer has granted specific permission.
Given these fundamental ‘rules’ embodied by the legislation, it’s something of a sad indictment on the way business has come to be done – not just in South Africa, but around the world - that this level of government policing of data security is even required. Most business leaders and owners would undoubtedly agree that customer trust is the single most important foundation on which lasting business success can be built. Most would also agree that the way a business protects and uses the personal information entrusted to it by its customers is central to the establishment and maintenance of this all-important trust.
Use customers’ data in a responsible and ethical way
All of which makes it difficult to comprehend why it is even necessary to implement laws in order to force businesses to deal with their customers’ data in a responsible and ethical way.
Interestingly, when one looks at the correct use of customer data from the point of view of good and ethical business conduct, rather than merely regulatory compliance, the introduction of the PoPIA becomes less of an administrative burden, and more of an opportunity to build trust with your customers, by demonstrating to them just how committed you are to securing, and never misusing, their personal information.
Unfortunately, leveraging PoPIA in this way to build or deepen customer trust levels requires much more than sending a standard negative-response-marketing email to everyone on your database in order to confirm that you can keep on communicating with them in the future. And building a loyal customer base is also never going to happen by simply buying a list from an unscrupulous business and then taking a ‘shotgun’ marketing approach.
The fact that many businesses are still trying to grow their markets using this inefficient method, points to a dysfunctional customer data 'supply and demand' situation that has, for too long, been a driving force behind unethical use of consumers’ personal information.
Hopefully, the PoPIA will help to put an end to this list buying practice, or at least reduce it considerably. And when it does, the importance of trust-based business growth practices will become even more obvious for any business that wishes to remain relevant and sustainable.
More importantly, the growth potential for ethical businesses that can clearly demonstrate to their customers that they don’t need regulation to respect their privacy and protect their data, will be significant. And effective data analytics is key to doing this. This doesn’t necessarily imply that a business intent on building customer trust through good data use practices needs to have a team of data scientists at its disposal.
It just means that the management of the business, irrespective of its size or sector, commits to implementing and adhering to data collection, storage and usage processes that are underpinned by good governance and ethically sound principles.
Having these processes in place will not only ensure that the business engages appropriately with its customers, but also that those engagements can be specifically targeted to align with the needs, preferences and life events of those customers. In other words, good data practices allow your business to meet your customers where they are in their lives, and serve them in ways that enhances their desire to be loyal to you.
More importantly, assuring your customers that you have appropriate, POPIA-aligned data management processes in place is an incredibly valuable source of comfort to them. Quite apart from avoiding the reputational risk of a data breach, when your customers have your sincere promise that their data is safe with you, and that you will never sell their personal information to anyone, at any price, the foundation is in place for a trust-based, long-term relationship that is infinitely more valuable for your business than any possible short-term savings to be had from skimping on data processes or personal information protection.