SUBMISSION ON THE OPEN DEMOCRACY BILL (B67-98)

SUBMISSION ON THE OPEN DEMOCRACY BILL (B67-98)
THE DIRECT MARKETING ASSOCIATION

The Direct Marketing Association is a non-profit trade association representing all stakeholders in the South African direct marketing industry. Members include the widest range of private and governmental bodies involved in making sales and developing relationships directly by mail, telephone, television and radio, magazines and newspapers, fax, electronic mail and the internet - all brought together by a common interest in responsible business practice.

The Association represents some 300 companies and 1000 individuals, both local and international. Membership includes organisations ranging from entrepreneurial start-ups to the largest multi-national corporations, and is fully representative of both marketers in, and suppliers to, the financial, retail, advertising, mail order, call centre, and electronic commerce industry amongst others.

All members are bound by a stringent Code of Practice based on international norms, and which has the endorsement of the Business Practices Committee of the Department of Trade and Industry.

GENERAL PRINCIPLES
THE BALANCE OF INTERESTS
The Direct Marketing Association welcomes the Open Democracy Bill and supports its aim of implementing the provisions of the Bill of Rights relating to privacy, access to information and transparency in all transactions.

The emphasis of this submission is to ensure that the Bill offers an equitable balance between the legitimate interests of the State, the Individual and Society, of which business is an important element.

The balance of interest principle applies equally to the drafting of Regulations to give effect to the Act.

PRIVATE vs. PUBLIC BODIES
Whilst this submission will not comment extensively on the provisions relating to the public sector, cognisance has been taken of these as they relate to and may influence the drafting or application of Regulations to private bodies.

TERMINOLOGY
We note that the terminology used in the Bill is not technically compatible with current computer technology with regard to the way that records are stored, accessed or altered.

The wording of the Bill is more applicable to manual rather than computerised databases, and does not provide for future changes in technology. Care needs to be exercised to ensure the Bill does not limit either the accessibility of information, or the feasibility of correcting, producing or holding the information. For example, Section 51 requires that if a private body declines the correction of data then it is obliged to "attach" a note "as near as possible" to where the information appears. The body is likewise required to attach the request to the record.

With regard to the first point it is often impossible to amend computer database structures to provide for this, and in most cases such notes will be recorded in a different database, linked electronically to the record. This process is seamless and transparent to the user, ensuring that the record may not be accessed without the note being evident.

With regard to the latter point, in the large majority of cases requests for correction will be in paper form, thus necessitating the electronic capture of the request. This is impractical, and may prove prohibitively expensive and inefficient.

SUPPORT OF HUMAN RIGHTS COMMISSION
Section 82 of the Bill empowers and encourages the Human Rights Commission to consult with, and seek advice and support from private bodies. The Direct Marketing Association has access to extensive local and international resources and makes itself available to the Human Rights Commission on all matters relating to the implementation and regulation of the Act as it relates to this industry.

WORLD STANDARDS
The issue of personal data privacy is well developed across the world, and carefully researched and debated principles of personal data protection have been accepted and implemented. These principles are, for example, included in The OECD Guidelines and The Council of Europe’s Convention 108, as well as in numerous self-regulatory codes of practice such as that of the Direct Marketing Association.

Only some of these principles are included in this Bill.

Those principles that are not explicitly addressed in the Bill should be entrenched in the Regulations to the Open Democracy Act, as well as in self-regulatory codes of specific industries.
The following are the internationally accepted general principles applicable to the collection and use of personal data. All reasonable steps should be taken to ensure compliance with the principles:
• Personal data should be collected and processed in a fair and lawful manner;
• The purpose of data collection should be explicit and legitimate, and data may not be used for other incompatible purposes;
• Data used by bodies should be accurate and up to date. It should be adequate and relevant for the purpose for which it was collected and is used;
• There should be a right of access to information, and a right to object on compelling and legitimate grounds.
• Bodies should consider the sensitivity of information. Security measures proportional to the sensitivity should be implemented and unauthorised access prevented.

CROSS BORDER DATA FLOW
The European Union and all its trading partners are required to have adequate data protection regimes, conforming to the European Data Protection Directives, with effect from 24 October 1998.

This means that transfer of data from the EU to both private and governmental bodies will normally only be permissible with countries which have acceptable data protection legislation or self-regulations covering the principles outlined in the preceding Section of this document.

SPECIFIC LEGAL COMMENTS
1. Inconsistencies between different Clauses of the Bill
We recommend that the following inconsistencies between various clauses be addressed:
a. Whereas Section 50(2)(c) requires any request for access to information to provide a "postal address or phone number", Section 51(5)(d) requires any request for correction to provide a "postal address or fax number". We recommend that the Bill be amended to provide for postal address, fax or phone number, and/or email address.
b. Whereas Sections 55(h) and 56(p) - Disclosure of personal information by private and government bodies - demonstrate a balance of interest between the requester and the private or governmental body with regard to the disclosure of information, this is not reflected in Section 53 with deals with the use of information. We recommend that the wording of Section 55(h) be included as Section 53(d).

2. Recommendations regarding Amendments or Insertions
a. Section 51(6) - Correction of personal information: Requests for correction to information are required in terms of 51(5)(b) to provide sufficient particulars to identify the appropriate record. To facilitate situations where these particulars may be provided subsequent to the date the initial request is made, and so as not to unfairly prejudice the information holder, we propose the following insertion in Section 51(6): After "…within 30 days" insert "of receiving sufficient information to identify the record"

b. Section 51(8) - Correction of personal information: Section 51 provides for the correction of information held by private bodies and requires that copies of deleted records be retained. There appears no good reason why copies should be kept of records that are deleted in compliance with a person's request to do so. The act of making and retaining copies of deleted material defeats the purpose of the deletion, creates an unnecessary administrative burden, and requires the costly creation of both procedures and storage facilities (either physical or on computer). We recommend that this section be deleted.

In the event that compelling reasons exist to apply this requirement in certain sectors or industries we recommend that the requirement be limited to those sectors.

In the unlikely event that compelling reasons exist to apply this requirement for all private bodies, the retention of such information should be restricted for as short a period as possible, for example no longer than one year, whereafter it may be destroyed or removed from databases.

c. Section 56(n) - Disclosure of personal information: This section provides for the disclosure of information by government bodies for the purpose of locating another person in order to make a payment owing to that person. This is unnecessarily restrictive in cases where non-financial benefits such as goods or services are due to persons, and we therefore recommend the following insertion: After "… in order to make a payment" insert "or deliver a benefit owing to that other person"

d. Section 58(1): Consent to use or disclose personal information: this section appears incompatible with consent obtained by giving individuals the right to object to the use or disclosure of their personal information, even where harm to the individual is wholly improbable. We therefore propose that section 58 be amended as follows:
"58(1) A private or governmental body may not use or disclose personal information as contemplated in sections 53(a), 54(a), 55(b) and 56(b) unless the prescribed procedures in respect of form and manner have been complied with.

(2) The consent of a person for the use and disclosure of personal information as contemplated in sections 53(a), 54(a), 55(b) and 56(b) may be withdrawn by the person giving that consent as prescribed
(3) Regulations made for the purpose of subsections (1) and (2) may …"

e. Section 86 - Regulations: In terms of section 82 the Human Rights Commission is empowered and encouraged to liaise with the private sector on issues relating to this Bill. In order to give further effect to this requirement we recommend that the following underlined words be inserted in Section 86 as follows "The Minister of Justice may, after consultation with the Human Rights Commission and any other representative body affected by the regulations, and with the approval of Parliament…"

RECOMMENDATIONS
1. Significant parts of the Open Democracy Bill relating to the application of the Act to private bodies are subject to the making of regulations. We note that, although the Act has bearing on Government, Private Citizens, and Private Bodies, Section 86 of the Bill (which provides for the making of Regulations) requires only that Parliament (Government) and the Human Rights Commission (private citizens) are involved in this process.

This approach is discriminatory and we submit that private bodies should be part of the process of regulation making and subsequent monitoring of the progress of the Act, in order to ensure that a fair and equitable balance of interest is maintained.

In this regard the Direct Marketing Association places on record its willingness to be involved in this process insofar as regulations and changes to the Act relate to the direct marketing industry.

2. We refer you to the points raised in the Section headed "Specific Legal Comments" above, and recommend the adoption of those recommendations.

3. We again draw attention to the fact that the Open Democracy Bill includes language inappropriate to the burgeoning use of computer databases for storage, and use of personal information. We are of the opinion that this may lead to practical problems in the implementation and interpretation of the Act, and recommend that attention be given to redrafting as appropriate.

4. The Open Democracy Bill already demonstrates significant adherence to the generally accepted principles of data privacy as practiced throughout the world. We urge that these principles are not diluted in the process of law making, but are reinforced and further entrenched. In this regard we also draw attention to the existence of a significant body of obligatory and enforced self regulation in South Africa, and recommend that these be taken into account in any redrafting of the Bill, or subsequent making of Regulations.