LinkedIn’s Fail Highlights the Importance of the POPI Act

It took almost two years for Californian courts to reach a verdict in the 2013 LinkedIn hacking case, as reported on MediaPost. Users of the platform accused it of hacking into their email accounts and sending out email invitations on their behalf. Reports like these regarding personal data infringements only create more suspicion and aversion to the sharing of personal information. Even conducting market research for the purpose of brand development can leave marketers worried about whether they are complying with the Protection of Personal Information act (POPI act).

Despite being a professional social media platform, LinkedIn still made some very unprofessional decisions

In September 2013, four LinkedIn users accused the social media platform of hacking into their email accounts and sending out email invites to everyone they’d ever emailed. This indiscretion on LinkedIn’s part was in breach of the federal Wiretap Act that, according to The Center for Democracy and Technology, prohibits web service providers from intentionally divulging “contents of subscriber communications”. In this case, that meant using the email addresses of its users to send LinkedIn invitations, purportedly under the guise of those users’ endorsement.

The consequences of non-compliance are massive

A verdict on the case was reached in June this year. LinkedIn is required to pay up to R166 million to anyone claiming that their email accounts were also hacked into. That such a supposedly reputable social network has been accused of such a breach of privacy raises questions about any digital entity that possesses our email address and highlights just why the Protection of Personal Information act (POPI act) was introduced in South Africa in 2013.

The POPI Act regulates the processing of all manner of data

The POPI act in our country doesn’t just pertain to email addresses and other online contact information. It aims to regulate the processing – defined by POPI Compliance as “collection, usage, storage, dissemination, modification or destruction” – of all personal information such as your birth date, gender, educational and career history, medical data and even opinions and any private or professional correspondence you’ve had.

Data collection is a key ingredient in marketing strategies

As a marketer, gathering data about your target markets is a prerequisite to creating amazing brands. The best way to position your products and give your brand followers what they want is to get to know them. Even seemingly inconsequential details like where they live and which social media platforms they use can provide much insight into their preferences and desires. So how can you balance this need for information with complying with the POPI act?

Compliance is just as important for your brand as market research

First, sit down and identify the types of data you need about your target audience to achieve your brand objectives. If you only need their age, profession and favourite food, collect only that. Protecting this data so that no third parties have access to it is your responsibility – invest in those security measures. Once you have no further use for the data, dispose of it. Never hold onto obsolete data.

Transparency is another key part of complying with the POPI act: if those you survey ask to access the data you’ve collected about them, show it to them, and above all, make sure they know you are collecting data about them and why. By following all of the above you can rest assured that you aren’t going to make a LinkedIn-like slip-up!

Non-compliance can destroy your brand, cost you money – and could land you in jail

The ramifications of overstepping the POPI act line are huge for your brand. While a small breach might not result in your company paying as much as R38 million in legal fees, it could ruin your brand image and alienate your customers. Would you want to buy from and engage with a brand that abused your private information? A POPI act breach could also result in a hefty fine and a possible jail sentence of up to 10 years in extreme cases. It’s also important that your vendors and other businesses you deal with are POPI compliant; a fail on their side will affect you simply by association.

RSVP is completely compliant with the act – our Event Management Software guarantees the secure collecting, storage and protection of all guest information. Contact us to find out more about our software, or download our Benchmarks report for more information about online invitation statistics.
