By Gary Alleman, MD at Master Data Management
A number of recent rulings by the National Consumer Commission (NCC) have significant implications for both companies and their executive teams. Whereas South African companies have previously escaped violations of legislation with relatively minor consequences, these rulings show that the NCC, which has been set up to enforce the Consumer Protection Act (CPA) of 2008, intends non-compliant organisations to face severe consequences.
A case in point is a local government organisation that was ordered to rectify errors on resident’s accounts, or face penalties of between R100 000 and R500 000 per issue. Historically, data quality issues have not resulted in this kind of penalty. The city in this case has won an appeal on procedural grounds – the appeal tribunal found that the blanket judgment was not lawful, as each individual case needed to be investigated independently.
Another well publicised case is a local property auctions company, and its CEO, which were found guilty of contravening aspects of the CPA. The company was reportedly fined 10% of its annual turnover, while the CEO is reported to have been sentenced to 12 months in jail or a R1 million fine. Lawyers are contesting the judgment on procedural grounds and the final outcome remains to be seen.
The implications for company directors are clear. While the NCC may lose these test cases on procedural concerns, the intention appears to be that non-compliance with legislation will have significant penalties, which could include fines large enough to bankrupt companies, or jail time for responsible executives.
The NCC is sure to learn from these initial decisions and future penalties can be expected to follow procedures that address issues identified in these appeals.
It can also be assumed that legislation such as the New Companies Act (NCA), which brings the King III corporate governance recommendations into law, and the upcoming Protection of Personal Information (POPI) bill will be enforced with similarly rigorous penalties.
Each of these bills has significant data management implications – in particular legislating how information must be stored, how data privacy must be maintained, and that data quality must be ensured.
Company directors that do not address these, and other requirements, could be placing both themselves and their companies at risk of these severe penalties. Data governance, which has historically focused on traditionally legislated sectors such as financial services, is now relevant across all sectors. Business needs to implement appropriate levels of data governance in order to ensure legislated levels of data quality and data privacy are met across the enterprise.