Discover how to protect yourself from spam calls claiming to have your financial information, and learn about the legal frameworks in place to safeguard consumer rights.
Image: File photo.
The phone rings, and it’s some sort of telemarketer on the other end. It’s hard to tell because the line isn’t the best. After checking that they have their victim, they say: “I have your information in front of me, and you are paying too much interest.”
Of course, when probed, they vacillate and claim to have misunderstood what they said. There seems to be very little someone can do about this, given that the company is essentially anonymous.
This is all illegal. Yet, the only thing I can think of doing is to report the number and then block it through TrueCaller. However, there are other avenues that, although time-consuming, should benefit everyone in the long run.
The Direct Marketing Association of South Africa, a voluntary body for companies that want to ensure they have a good reputation as telemarketers, received about 200 consumer complaints a month. “We have not observed any notable spike specifically related to financial sales,” says CEO David Dickens.
Yet, Benita da Silva, executive of risk, compliance, and legal at ASI Group, said that, while there are no definitive stats, “Truecaller data shows a significant number of spam calls are still being received in South Africa”.
If someone tries unsuccessfully to call the number back to determine the company name, Dickens said it indicates it’s likely that this is an outgoing line. In these instances, he suggests complaining to the telecoms companies as well as the Independent Communications Authority of South Africa.
“Each phone number should be clearly registered to an identifiable owner, as required by the Regulation of Interception of Communications and Provision of Communication-related Information Act, which is intended to ensure accountability for the use of mobile numbers,” Dickens said.
Da Silva said that, when it comes to spam callers pretending to have financial information, it’s important for consumers to ask exactly what information a marketer has about them, how they obtained it, and ask that it be amended or deleted.
There “are indeed instances where business practices contravene the Protection of Personal Information Act (POPIA),” said Dickens.
“A common example is when a business cannot provide proof of opt-in consent, indicating that the individual did not explicitly agree to be contacted,” he noted. Likewise, some provisions of the Promotion of Access to Information Act (PAIA) are often disregarded, especially when businesses fail to disclose what personal information they hold about a data subject or refuse to remove such information when asked to.
“When it comes to the sale of debt-related products and financial instruments or services, there are still grey areas in the interpretation and enforcement of regulations,” said Dickens, noting that there is a need for additional guidance from other government agencies, such as those that deal with financial matters.
There are several laws that apply to telemarketing, said Dickens. He explained that this includes POPIA, which applies to all activities where personal information is processed, including collecting, storing, sharing, and deleting it.
“POPIA trumps all other legislation on the topic of personal information protection. This means that it overrides all other laws and regulations that address direct marketing. However, if another law provides greater protection to data subjects, marketers must follow those provisions in addition to the requirements in POPIA,” Dickens explained.
There are also industry codes of conduct that fall under POPIA and have been approved by the Information Regulator, the umbrella body in charge of enforcement. Companies that don’t comply with POPIA can face an administrative fine of up to R10 million, imprisonment of up to 10 years, and the company can be sued by the “data subject” – the person whose information has been breached.
Dickens added that companies that are members of the Credit Bureau Association and the Banking Association of South Africa are also subject to approved codes of conduct. In addition, he said, if the “data subject” is a consumer, a marketer must comply with the Consumer Protection Act (NCA) to the extent that it provides more protection to data subjects than provided for in POPIA.
Then there is the National Credit Act, which requires credit providers to also comply with its direct marketing provisions. “If the NCA provides more protection for personal information than POPIA, credit providers must also comply with those requirements,” Dickens explained.
What is important, said Dickens, is to lobby the government and to respond to requests for comment when they issue these, such as with the Department of Trade, Industry, and Competition’s (DTIC’s) recent request for comment on improved regulations to the CPA.
Da Silva added, “Hopefully, when the DTIC fully implements a new registry system, the problem will be solved”.
There needs to be a balanced approach, one that supports open market participation and consumer protection while also fostering compliance, explained Dickens. “It’s equally important to consider the employment implications in this sector, which often engages vulnerable, unemployed youth who are given aggressive sales scripts by businesses that sidestep regulatory compliance and avoid aligning with professional bodies,” he said.
Dickens added that better collaboration between the public and private sectors would “go a long way in addressing systemic challenges”.
In the meantime, Da Silva adds that consumers must be mindful of the terms and conditions they agree to when completing competitions, surveys, and forms on the internet and what information they make available about themselves online.
The DTIC did not respond to requests for comment.
PERSONAL FINANCE