The Information Regulator issued an enforcement notice against FT Rams Consulting for non-compliance with section 69 of POPIA – the section that deals with direct marketing. This FT Ram Consulting enforcement notice follows a complaint from a data subject who received unsolicited emails from FT Rams Consulting despite opting out.

The gist of the FT Rams Consulting enforcement notice

In the enforcement notice, the Regulator ordered FT Rams Consulting to urgently take action to help make its direct marketing lawful.

  1. Immediately stop sending unsolicited direct marketing messages through any electronic communication (email, phone, SMS, etc.) to anyone who has not consented.
  2. Ensure the first communication with data subjects is a request for their consent, and only approach them once for consent.
  3. Create and maintain a database of individuals who have opted out of receiving marketing messages and submit its design to the Regulator.
  4. Provide a written undertaking to the Regulator regarding compliance with these orders.

Timeline to comply

The regulator gave FT Rams Consulting 90 days to comply with the orders in the enforcement notice. This means that FT Rams Consulting must implement the above orders by 26 May 2024. Failure to comply with the enforcement notice could result in a fine of up to R10 million or imprisonment or both. In the 90 days, FT Rams Consulting has an important decision to make: Do they appeal the notice in the high court to try and get it set aside or do they try to convince the regulator to set it aside?

Regulator’s findings

Based on the Regulator’s media statement, they found that FT Rams Consulting:

  • sent unsolicited direct marketing messages to individuals who haven’t explicitly given their consent to receive such messages;
  • ignored opt-out requests of the data subject who made repeated requests to be removed from the mailing list, but FT Rams Consulting continued to send them marketing messages;
  • failed to obtain consent through a specific form provided by the Information Regulator; and
  • did not limit attempts to obtain consent.  Companies can only approach individuals once for their consent for direct marketing purposes.

The Regulator found that these actions were in contravention of sections 69(1) and (2) of POPIA, which regulate direct marketing by means of unsolicited electronic communications.

What you can learn from this direct marketing enforcement notice

You can learn several things from the Information Regulator’s enforcement notice against FT Rams Consulting.

Some improvements you can make to your direct marketing

  • Comply with POPIA. Ensure you have obtained consent properly before sending marketing messages to prospects and respect opt-out requests. This order raises the question as to whether you should only use the prescribed form provided by the Regulator to obtain consent for direct marketing purposes; and
  • Maintain accurate records. Keep track of individuals who have opted out of receiving marketing messages and do not contact them again.

Improve your website to make sure it helps your compliance

  • Be transparent about your data practices. Clearly explain how you collect, use, and store personal information in your privacy policy. The Privacy Policy must be readily available to your data subjects. Your website is a good place for it; and
  • Be ready to receive complaints. Have a Complaints Policy on your website to allow your data subjects a chance to easily complain to you first instead of going to the regulator. If they approach you first, it gives you an opportunity to resolve the dispute before it escalates into something worse.

We did not find any website terms or Privacy Policy or Complaints Policy on the FT Rams Consulting website. Make sure that you do not make the same mistake with your website.

Actions you can take

To limit or avoid the possibility of receiving a similar enforcement notice, you can take action.