ISP: The POPI Act requires you to have approval from anyone with which you would like to communicate with via email.
Us: Surely that’s simply not practical. Do you really need to have approval from all your clients in order to correspond with them via email?
ISP: Yes, that’s what the Act says.
Us: I’ve just received an invoice from you via email and I have never agreed that you can send me emails. You must, therefore, be in contravention of the same regulations you are required to enforce upon your users.
ISP: Stunned silence as the implications of their interpretation of the Act sinks in . . .
I have to admit that we have not fully investigated the implications of the new Act, but did find this conversation that took place with our ISP a few months back thoroughly alarming. Now ITWeb is confirming that the Act is is almost upon us – Final POPI regulations published – Admire Moyo
If the comments from our ISP are true (with specific regard to the draft regulations and how they relate to email correspondence), then this is a completely impractical legislation devised by people without the faintest idea of how email and associated web technologies actually work.
First off, this will have zero impact on spam and spammers – who could not care less about South Africa’s email “regulations”. They use all manner of illegal or illegitimate means to distribute spam on a mass scale. It’s laughable that they would stop sending spam to South African domains because they are not compliant with new legislation.
Furthermore, what constitutes an “agreement”? Does a checkbox in a third party database marked as “Agree to receive email correspondence” suffice?
One needs to bear in mind that email compliance as it stands today, in all online systems that we are aware of, constitutes a simple checkbox agreement. There is no associated email or corresponding paper trail for email confirmation.
If such an “agreement” does suffice, then one assumes that self-hosted solutions must be included in that as a form of “agreement”. And if that is the case, then an “agreement” is simply a confirmed checkbox stored in a database. And you can think of that as an editable Excel spreadsheet with an x marked for “Yes”.
That’s hardly an agreement at all.
Then again, if such a traditional online “agreement” is not eligible for inclusion in the Act, out goes anyone’s use of popular legitimate international bulk email systems such as MailChimp or ConstantContact as well as any other online or offline system that sends emails, including the company accounting system!
Please someone with more understanding of the implications of the POPI Act tell us we are wrong and that there really is a practical and achievable way to comply with the legislation where it relates to the sending and receiving of legitimate email correspondence!