As the rate of identity theft accelerates, more South Africans are questioning how their private information is getting into the hands of companies and marketers without their knowledge or permission.

The Protection of Information Act currently stipulates that marketing by means of unsolicited e-mail is prohibited (unless certain provisions apply), and that organisations need to implement both opt-in and opt-out strategies.

While organisations may do their best to protect their employees, when an individual is not protected by compliance in the corporate world, two things happen, says Manie van Schalkwyk, executive director of the Southern African Fraud Prevention Service.

“One, there is a ready market for fraudsters to target their victims; and two, individuals sign up for a number of offers, subscriptions, services or entertainment without thought to the consequence,” he said.

He added that there are a number of ways in which data can be exposed, including:

Social media, where privacy settings are not understood or properly applied;

A data leak such as the recent Sassa grant system where individuals were targeted by people selling loans;

Hacking the information of a company’s directors and executive staff members.

Van Schalkwyk noted that while the Act stipulates that ‘processing of special personal information is prohibited unless certain provisions apply’, it appears there are loopholes around this – particularly in digital communication.

Specifically, he warned that South Africans should be careful when they receive emails requesting information updates.

“This updated information can be used to apply for goods and services that the user has no intention of every paying for,” he said.

He added that the first time the victim becomes aware of the service is when they get the call from a debt collector.

“In one instance a woman who became a victim of identity theft, was listed with three cell phone networks, for amounts running to about R10,000 each.

“She was also liable for payment on an account with the Edcon Group that she had never opened. It took the woman many months and a great deal of anxiety to have the charges reversed.”

Van Schalkwyk said that the easiest way to prevent this from happening is to check your credit report regularly.

“Also, protect your data vigorously. Treat it like cash. Be careful about who you share it with and change your passwords regularly – at least once a month.”

Read: 53 people exposed in South Africa’s great bank heist