It’s been a tough few years on the compliance front with retailers confronted with the requirements of the Consumer Protection Act (CPA), the Payment Card Industry (PCI) security requirements and, most recently, the promulgation of the Protection of Personal Information Act (POPI).
All off the laws have been implemented in order to protect the consumer, secure their information and limit the ability for that information to be used for nefarious purposes, or to engage with consumers without their express consent.
“There is no doubt that regulating for the consumer is a good thing. By ensuring consumers’ rights and information are protected, we are creating an environment where customers are more confident to hand over their information and transact electronically. However, reaching compliance can be a significant challenge, especially for the smaller retailers,” explains Angelina dos Santos-Barrett, Customer Engagement Product Manager at Innervation Value Added Services.
The Protection of Personal Information Act (POPI) was signed into law on November 26 2013. POPI essentially regulates how anyone who processes personal information must manage, store and secure that information.
Despite its harmless sounding acronym, POPI has substantial penalties. Anyone who contravenes POPI’s provisions faces possible prison terms and fines of up to R10 million. More than that, POPI also allows individuals to institute civil claims so there may be the possibility of further financial loss for wayward retailers.
Simply put, POPI is designed to prevent the negligent disclosure of personal information.
This means that an organisation can only capture, use or store a customer’s personal information with their express consent. While this sounds simple enough, POPI becomes fairly complex when you look at what the definitions of information are. This could be anything as obvious as your name, address and ID number. It applies to electronic identifiers such as email addresses, cellphone numbers and social media handles. It takes into account medical, financial and educational history. But it also includes things like personal opinions, sexual orientations, religious affiliation and any other information relating to individuals.
“The type of information that is being protected is precisely the type of information marketers are looking for when designing campaigns. For retailers this will have implications on many aspects, including loyalty programmes and gift carding,” explains dos Santos-Barrett.
Compliance to POPI does not stop at securing the data. Retailers will need to make sure that the information they have is accurate, up to date and that as soon as they no longer require it for a specific purpose, the information is destroyed according to the Act’s requirements.
“The Act essentially enables consumers to be in control of their own information, allowing them to choose who has it and for what purpose. Many companies are trying to find ways to allow greater control by encouraging customers to update and maintain their own information, which seems to be the sensible route to go. The trick, of course, comes in finding IT solutions which makes managing compliance simpler and more efficient, while meeting all the requirements,” says dos Santos-Barrett.
POPI, along with PCI standards and the CPA have forced retailers into a complex compliance arena which could have considerable financial implications. “Companies will have a year to get their house in order. That means setting up adequate security as well as training staff to oversee the gathering, storing and appropriate use of customer’s information. While this is a headache for larger retailers it could have a significant impact on smaller operations. It makes sense to work with service providers who have integrated as many of the compliance issues into their IT offering as possible and is by the nature of their business already compliant to the CPA and is certified as compliant the PCI security standard,” dos Santos-Barrett concludes.
About Innervation Value Added Services
Innervation Value Added Services assists retailers to achieve enhanced customer service, increased revenue and sustainable competitive advantage via strategic engagement and by enabling a wide range of services across all customer touch points. Innervation utilises an agile switching and reconciliation platform to seamlessly integrate to customer touch points (POS, mobile, web, call centre, self -service kiosks and social media) and also to retail enterprise financial and CRM systems. The company’s core product offerings include the Destiny electronic payments switch and the Destiny Stored Value suite of products, including gift card, loyalty, vouchers and coupons. Commodity services such as prepaid airtime and bill payment are supported via interfaces to the Value Added Service Providers preferred by the merchant.