[By Craig Wilson]

The Consumer Protection Act (CPA) that came into effect in April calls for the establishment and maintenance of an opt-out registry to protect consumers from unsolicited marketing. It seems the job may go to the Direct Marketing Association (DMA) of SA, but the organisation this week showed it is ill-suited to the task by running a poll it felt sure would support it and then allegedly manipulating the poll when it didn’t.

Dave Gale, an independent telecommunications consultant, says the DMA “seems to be totally incompetent at managing data”. He tells me that running a poll asking users whether the organisation should be allowed to manage the opt-out registry was a “self-serving” exercise. “Most visitors to the DMA site are liable to be members, and it’s in their interest to support them,” says Gale.

The National Consumer Commission (NCC) is tasked with appointing the overseer of the registry. In March, it called for parties interested in managing the opt-out registry to submit proposals. Of the three organisations that responded, the DMA emerged as the NCC’s preferred candidate.

The other respondents were Logan Attorneys and Deloitte. In the DMA’s defence, it is certainly the best equipped of the three to run the national registry as it already has many of the necessary structures in place. However, that in no way negates the fact that it is, first and foremost, beholden to its stakeholders, and as such, it should be disqualified on principle.

“If you think about it, you’re going to be dealing with irate members of the public who’ve been spammed or harassed by telemarketers, and you’re dealing with people’s private information, so it’s not an attractive business proposition for most,” says Gale.

Gale tells me the CPA originally called for an opt-in database that required consumers to allow themselves to be marketed to, rather than asking not to be after the fact. It came as little surprise when direct marketers cried foul and argued that doing so would kill their industry, and instead the NCC called for the creation of an opt-out database.

“I don’t mind if someone calls me once trying to sell me something, and if I ask them not to call again, they don’t. I understand for growing businesses, trying to boost sales marketing to a targeted group makes sense. But blindly calling anyone on a database, or calling people who’ve asked not to be, isn’t okay.”

Gale says he considers himself tolerant of unsolicited marketing, “but I understand that some people don’t want to be contacted at all, ever, and the whole idea of the registry was to be able to cater to individuals’ different preferences with regard to whether, and how, they can be marketed to”.

The poll the DMA ran asked users to respond “yes” or “no” to this question: “The DMA has been nominated as preferred supplier to the National Consumer Commission to manage the official Do Not Contact Database. Do you support this move by the NCC?”

However, users like Gale found they “could vote repeatedly, so you could literally watch the numbers change. How could the DMA leave that door open? Further, it didn’t even admit the flaw, or explain how it ended up with the final figure they did. There were no voter numbers or similar information. It makes the DMA look wholly untrustworthy.”

At one point, the poll results showed 96% of participants had voted “no”. However, a log of the poll reveals that at around 5.15pm on Thursday the original poll was deleted, and visiting the DMA’s page of past polls on Friday showed the final result for the poll in question recorded 87% of votes as “yes”.

The DMA has said nothing about how it reached the final figure, or why it allegedly fiddled the poll while it was in progress. The fact that it ran a fundamentally flawed poll (both in terms of motive and execution) in the first place, in addition to the organisation’s already chequered history with database security and the interests it represents, are all reason enough to be concerned that the NCC is even considering the DMA.

“I listed my details on the DMA and opted out of all correspondence, but I still get calls,” Gale tells me. He cites a specific recent incident where mobile operator 8ta called him twice, despite him asking them not to call again the first time. When he asked if 8ta was a DMA member, he was told they were. “I was then told it was possible the database hadn’t been updated yet. But I signed up three years ago.”

Gale attempted to lodge a complaint with the DMA, but was told that knowing the call centre the call came from, when it was made, the name of the telemarketer and the name of the shift supervisor was “insufficient information”, and that he would have to supply surnames and additional information.

“I tried to lodge a complaint, but the impression I got was that they clearly weren’t interested in processing it and simply wanted to fob me off. These are not the right people to be tasked with managing my information.”

Gale says the only way consumers can prevent the DMA from getting the job of maintaining the opt-out database is by “making a fuss”. “We need a high volume of loud complaints to put pressure on the NCC. They’re meant to protect consumers.”

Joe Botha runs a start-up called TrustFabric, a company some suggest would be a much better candidate for the opt-out registry job. Botha says the NCC call for submissions from interested parties was only open for two weeks, and that his company only found out about it after that period had passed.

Nevertheless, Botha contacted the department of trade & industry and “begged and pleaded to be involved in the process, but they blankly ignored me and haven’t kept me updated at all”.

Botha says the only thing the public can do is “hope the NCC isn’t blinded by the process they’ve created and doesn’t feel forced to go with the DMA. I hope they’re not going to ignore our proposal. I hope they’re open to alternatives.”

He says there is “no point” trying to understand what happened with the DMA poll. “It will just make your brain hurt. The date ranges don’t even make sense — the latest ones are in reverse.”

Responding to accusations that the poll had been manipulated, DMA CEO Brian Mdluli told ITWeb on Friday that a “rogue element” had manipulated the poll with an automatic system that created multiple “no” responses for every recorded “yes”. He reportedly said the DMA knows this because of the number of votes coming from a single Internet Protocol address in Cape Town and added that the association intends to take action against the party or parties responsible.

Arguably, by settling for an opt-out rather than an opt-in model, the NCC has already done consumers a disservice. Surely an organisation like the DMA, which is mandated to protect the interests of marketers, should not be eligible to run an opt-out registry on the basis of the inherent conflict of interest.

Then there’s the issue of the DMA’s less-than-stellar track record. In May, the organisation was accused of leaking a database containing the personal information of some 39 000 users to non-DMA members. Although the organisation says it has yet to see proof of the leak, it also said that if it found someone had done so they would take punitive measures. If you’re certain, you don’t need a contingency plan.

The NCC has set a deadline of Friday for complaints and objections to the proposal of letting the DMA manage the national opt-out registry. From a consumer perspective, the registry is simply too important to give to the wrong organisation. Who the right organisation is remains to be seen, but it’s pretty clear that the DMA is not it.