This is how they got your number

Understanding the direct marketing industry.

JOHANNESBURG – The next time a call centre agent tells you they got your number from the “national consumer database”, ask to speak to their manager. Aside from the fact that no such list exists, the Protection of Personal Information Act (POPI) – which, in case you missed it, is law – holds any entity handling personal information responsible for how that information was obtained.

So how do companies get their data (and your number) in the first place? “It’s a grey area,” admits Warren Moss, chairman of the Direct Marketing Association of South Africa (DMASA). Most lead brokers have built up their data over many years and before there were any laws regulating the access and exchange of that data.

Certain sections of POPI came into effect only in April 2014, while the office of the Information Regulator (to actually enforce the Act) is still being established. Moss expects this to happen in the next few months, after which companies will have an 18- to 24-month grace period to be POPI compliant.

“In the past, banks, insurers and cellphone companies would buy data from anyone. Now that there are laws governing the industry they make sure they buy from reputable companies,” says Moss.

DMASA has an accreditation called the Centres of Excellence, which audits the POPI compliance of list brokers and has 13 accredited brokers. Needless to say that lead brokering, or list brokering, is a perfectly legitimate business practice. Companies can either buy or rent lists from these brokers for their direct marketing campaigns.

Blue Label Data Solutions, listed on DMASA’s Centres of Excellence list, is one such list broker. The company obtains its data in a variety of ways, according to Michael Campbell, investor and media relations executive. These include social media campaigns and opt-in competitions (such as Win a Scooter on Facebook); websites where you can register to receive loan offers ( or promotional deals (; credit bureau updates; public domain information; and using call centres to update existing consumer information.

“If you register on a site like MoneyMavericks or SaveMoney, you can opt-in to receiving electronic communication around promotions and products. Some of the [direct marketing] agencies also work with media owners and their databases to generate leads. The entity sending any communication must be the owner of the opted in client’s details,” notes Johan Barnard, King Price’s general manager for eBusiness.

“We’ve had instances in the past where we’ve cancelled agreements with marketing agencies for contravening existing legislation. Our agencies are all mandated by law to screen their databases against the national opt out list,” he says.

Administered by DMASA, the national opt-out database enables you to opt out of all direct marketing communication.

“Any responsible marketer checks against this list. If you have been registered on the national opt out list and you’re still receiving direct marketing calls you should escalate that with the company concerned or contact DMASA via its website,” says Jaco Shutte, director of marketing services at TransUnion Analytic and Decisioning Solutions (ADS).

Red flags

That there was so little regulation governing the exchange of data in the past opened wide the doors to abuse. “A bank would literally give a list of numbers to a call centre manager on a memory stick, which was perfectly legal to do. But then that call centre manager gets fired and decides to sell the numbers he’s obtained to a list broker for R100 000 or more. And so the data gets traded and passed around,” DMASA’s Moss explains.

POPI enforces strict rules around how data is processed, stored, protected and shared. Good marketing and data businesses go to great lengths to ensure that data is protected, for example, servers are encrypted, and USB and disc drives are disabled, says Schutte.

A call centre agent phoning you from a non-financial services company should have only your name and ID number, adds Moss. If they have information about your income, who you bank with and what financial products you have, such information would have come from a credit bureau (if it was legally obtained) and in order to access credit-related bureau data they would need to be a member of the Credit Providers Association (CPA).

You can also check whether the company contacting you is a member of DMASA. While there is no legal obligation to be a member, the association holds members to a Code of Practice, which complies with existing data privacy laws.

“Consumers must stay vigilant when responding to direct marketing campaigns so as not to fall victim to phishing scams,” Schutte highlights.

Creating jobs and profit

Considering that most people I know don’t even take direct marketing calls (let alone make a purchasing decision off the back of them), the question arises: is the industry profitable?

It’s a “purely mathematical play”, says Moss. “The average call centre agent costs a company about R25 000 a month and can make roughly 1 600 calls a month. Let’s say the company is selling personal loans and makes R1 000 profit per personal loan sold. If the agent converts only 10% to 20% of those calls, that amounts to between 160 and 320 sales or between R160 000 and R320 000 a month – for [a] R25 000 [salary]. It’s hugely profitable.”

According to Moss, the direct marketing industry directly employs around 150 000 people. It also arguably helps to grow small businesses and connect customers with value-added services. “Through direct marketing, businesses are able to offer great deals to customers who not only need them, but who also might have to travel great distances to access them through brick and mortar structures,” Schutte maintains.

While Moss does not expect major job losses as a result of POPI, he worries that it may hinder innovation. “South Africa’s data laws are stricter than most countries in the world and make it very expensive to use information. This makes it very difficult to start a business that is reliant on information,” he says.

“Under POPI, you could not start a Facebook, Google or Uber in South Africa. Technology is built around customisation and in order to customise, you need information.”


Sort by:
  • Oldest first
  • Newest first
  • Top voted

You must be signed in and an Insider Gold subscriber to comment.


Not sure where you got your call centre figures from for this piece.
An agent will make upward of 150 calls a day (so over 3000 a month).
Their close rate is likely to be 2 – 4%. So anything around 3 to 5 ‘sales’ a day, using your micro loan example. Ither products have different figures.
Those loan agents get paid between R6000 and R10,000 typically. Call and other costs would be another R5000 or R6000. If an agent is costing you more than that, it would be quite unusual.

Thanks for your comment Tanya. Figures come from from DMASA chairman, Warren Moss. I’m sure it’s a generalised example and not all call centre agents are paid R25k, perhaps managers only. You’re welcome to mail me on if you’d like to share more info/your experiences.

This is why Makro forces you to signg up for a meaningless card to purchase at their stores. One useful app for smartphones is TrueCaller, through community contribution you can see if the number calling you has been marked as spam provided you have an active internet connection.

Makro issued their cards to corporate buyers, so if you were the manager of a canteen within a corporation you could apply for a card. In the initial days of Makro they only supplied goods against these cards, they also used the card and the sales to monitor what goods were acquired by corporate entity. However when they introduced the retail operation to the general public they stuck with their card system. I have had a Makro card for upwards of 25 years and these calls are not as a result of my card with them, but moreso from the rats and mice operations. When a company asks you for a contact number give them a Telkom number and not a cellphone number – you will be amazed at how few calls you get

Read the fine print. TrueCaller gives them the right to scan your entire contact list to update their directories. This data is not stored in SA, so not subject to SA POPI laws, and they can do what they want with the data – including selling it to whomever asks… By installing TrueCaller, you are making he problem worse!

“South Africa’s data laws are stricter … This makes it very difficult to start a business that is reliant on information” – Moss. Not really. ‘Opt-in’ systems allow for efficient curation of user data. When it comes to Direct Marketing, wouldn’t you rather talk to a few people who like your brand, rather than annoy thousands who don’t want to hear from you?

That being said, registration with the DMASA has reduced my spam to a tolerable level.

Now if only the cellphone companies would allow easy reporting of numbers used by phishers and scammers. I’m still getting random 419 – style SMS ‘offers’ daily!

Don’t waste your time with the DMASA or it’s the national opt-out database

When it comes to protecting you against people like the telcos eg MTN they are useless

Not my experience. I registered on the opt-out database a few years ago, and have had a noticeable drop in spam calls.

I even had a satisfactory result when Edgars continued spam-calling me (every other day) about funeral policies. One complaint to DMASA and everything was sorted — including profound apologies from EdCon PR dept.

You have to do a bit of ‘housecleaning’ and make sure you are unsubscribed from companies that have that option, either in the emails they send you or on the sites you are registered on (e.g. in the Profile section of your MyVodacom page) — otherwise they implicitly have your permission to contact you.

I also rely on GMail’s spam filters and if I get one spam message a day, it’s a lot.

Most reputable DM companies are registered with DMASA, and they take censure from the association quite seriously, I have found.

I agree,I also registered on the opt-out database. I still receive the odd spam call but it’s a hell of a lot less than it was.

You’ve been – I keep getting spammed by MTN for “out of bundle” messages, not way to unsubscribe. After NUMEROUS complaints to the DMASA, the NCCSA and MTN itself – no further action and still messages two to three times a week.

Perhaps some of the players respect the DMASA but MTN not at all. Guess there’s nothing reputable about them,…

Just convince your Cell company your name must be PETER 02 SNR or Peter Nr 1 or something like it. Give a few weeks and you will know your name was sold. Then you do the same with your bank , and the same will happen. It does not help a lot , but you know. And I make sure they know I know !

One other place I think these guys are using it the visitors book that you hv to sign when visiting complexes or business…I never give out my real number….

Yes they do sell those book lists. For many years I have given a false number and put down my name as M Mouse. If My wife is with me I add D Duck. No-one has ever queried this at the visitors’ desk.

End of comments.




Instrument Details  

You do not have any portfolios, please create one here.
You do not have an alert portfolio, please create one here.

Follow us:

Search Articles:
Click a Company: