In a galaxy not too far away, a debt collector got a great new mandate from a client.
The mandate was simple: use any legal methods to collect money from a debtor. So excited was the debt collector that they never stopped to ask: what about the debtor’s personal information? The debt collector never considered the application and impact of POPIA. And so the saga began. Names. Account numbers. Addresses. Cellphone numbers. Email addresses. An ID number. Photos. The debtor’s personal information was at the debt collector’s finger tips. Grinning, and still unaware of the impending danger, the debt collector danced their way into their systems, uploading the information, and collating, refining, and supplementing it. Again, they did not think about POPIA, failing to smell the smoke from the impending data protection fire. All they saw were the possibilities that having the information presented. The possibilities were like roads winding through a forrest.
When trouble began for the debt collector
It was a fine, clear morning when the email came. The contents of the email began and ended with trouble. The Information Regulator had gotten a complaint from an unhappy debtor who wanted action against the debt collector. No good would come from any complaint, the debt collector had immediately known. The Information Regulator, as the authority with the power to enforce POPIA, wanted to hear from the debt collector. In fact, the email went further:
The Information Regulator has the power to investigate complaints against any responsible party, including debt collectors.
The email spoke in ominous terms. It spoke about a pre-investigation, about the Information Regulator’s right to pry the debt collector’s systems open and check how the debt collector had been operating. Strength left the body of the debt collector. Why had no one warned about the impending danger? Why had no one told them of the Information Regulator’s powers? Everyone knew: you take away a debt collector’s right to process personal information, you take away their ability to operate, so why had no one spoken of the danger coming from the Information Regulator’s office? Why?
What happened next?
Many things happened next, like opening a box full of unwanted memories and having all of them come back at once. One thing was clear: a debtor had many rights under POPIA, and failing to understand those rights was to fail at business.
Only the lawyers seemed to know what would come next.
Michalsons seemed to have answers to questions the debt collector had not thought about. In particular, Sicelo Kula seemed to have the answers that would make the headache go away, that would help the debt collector steer in the direction of data protection compliance. He spoke about a data protection programme and a lens for “debt collection agencies”.
Was this Sicelo Kula legit? Had he considered how to help debt collectors and other organisations? Only time would tell…
The meeting with Sicelo Kula was only a week away. Maybe that meeting would help it all make sense… Apparently, this Sicelo was also doing a data protection webinar for debt collectors in October. Hope springs eternal, was the last thing the debt collector thought before clicking away from the Information Regulator’s email.
Written by Sicelo Kula.
