South Africans are increasingly frustrated by unsolicited cold calls, spam emails, and aggressive sales tactics. Fortunately, the Protection of Personal Information Act (POPIA) gives individuals the right to take action. Here’s how you can report businesses that violate your privacy.
South Africans are growing increasingly weary of unsolicited calls, SMSes, and marketing emails—especially from call centers and businesses harvesting or purchasing personal data to sell products or services.
While this might feel like a normal part of modern life, it’s actually a violation of the Protection of Personal Information Act (POPIA) if you did not consent to be contacted. And yes—you can take legal action.
POPIA: Your Legal Shield Against Privacy Violations
The Protection of Personal Information Act (POPIA) is South Africa’s privacy law that regulates how businesses collect, use, and store personal information. Under Section 99(1), any individual (“data subject”) whose privacy is violated can sue the responsible party—even if the breach was unintentional.
Key Consequences for Companies That Violate POPIA:
- Fines of up to R10 million
- Imprisonment for up to 10 years for serious breaches
- Civil lawsuits for damages from individuals or class actions
- Reputational damage and business disruption
What Counts as a POPIA Violation?
If a company:
- Calls you without your explicit consent
- Sends you marketing emails or SMSes despite multiple unsubscribe requests
- Buys your personal information from a third party without your permission
- Fails to secure your data or suffers a breach that affects you
…it could be in serious violation of POPIA.
Real Example: FT Rams Consulting Sanctioned
Recently, FT Rams Consulting, a Randburg-based business, was issued an enforcement notice by the Information Regulator for violating POPIA. The company continued to send marketing emails to a data subject despite several unsubscribe attempts. The Regulator ordered the company to take corrective action within 90 days or face penalties of up to R10 million or imprisonment.
How to Report Privacy Violations in South Africa
If you believe your personal information has been unlawfully used, you have every right to submit a complaint to the Information Regulator.
✅ Step-by-Step Guide:
- Download and complete POPIA Form 5
- You can find it here: https://inforegulator.org.za/complaints/
- Send the form via email to:
POPIAComplaints@inforegulator.org.za - Not able to submit in writing?
- The Regulator is legally required to assist you.
- Wait for a response:
- The Regulator must inform you and the company in question of the course of action it will take.
Who Can File a Complaint?
- Any individual who feels their privacy was breached
- The Information Regulator, on behalf of a data subject
- Class action groups, where multiple individuals are affected by the same violation
What Happens After You File a Complaint?
The Regulator can:
- Launch an independent investigation
- Issue enforcement notices to offending companies
- Recommend civil or criminal penalties
- Publicly list violators and set legal precedents
Don’t Just Accept Spam—Report It
Whether you’re receiving cold calls from unknown numbers or companies misusing your email address, you are not powerless. Under POPIA, consent is king, and companies that ignore it are not only breaking the law—they’re risking serious consequences.
Make your voice heard. Your data is your property. Privacy is not a privilege—it’s a right.
Report a privacy violation today:
📩 Email your completed Form 5 to POPIAComplaints@inforegulator.org.za
🔗 More info: https://inforegulator.org.za/complaints/
