Do you shudder at the thought of having to read over a neverending commonwealth act and endless legal babble? Do you feel like you need a law degree just to make any sense of it all? If so, you’re not alone, most people cringe at the thought. Australia’s recently amended Privacy Act is one that I have done plenty of sweating over in the last few months.
So where to begin, in late 2012 the Federal Government enacted the Privacy Amendment Act of 2012 and the new laws come into force on March 12. The amended act sees the National Privacy Principles and Information Privacy Principles replaced with a new set of 13 Australian Privacy Principles (APPs).
In essence, the laws may require organisations to:
- Identify the types of personal information they hold, collect, use and disclose.
- Amend compliance documentation – privacy policy and collection notifications.
- Amend contracts.
- Train staff and engineer compliance into their systems.
As many of Vision6 clients are small businesses it is worth noting that generally speaking most small businesses (businesses with an annual turnover of $3 million or less) are not considered APP entities. There are however exceptions to this for example in the case of a health care provider, so it is worth getting some legal advice if unsure.
So what are the top 4 things that you as an email marketer should do?
1.Get a privacy policy
The privacy amendments are all about being open and transparent with personal information. So if you don’t have a privacy policy now is a good time to get one that includes a collection notification statement which essentially details what you collect personal information for. ADMA has some great resources to help including their Privacy Policy Guideline document.
2. Don’t collect unnecessary information
These new privacy amendments make it pretty clear that you shouldn’t collect personal information unless that information is reasonably necessary for your business functions or activities. Make sure you are not collecting information that has no relevance to your business. For example don’t ask for a person’s driver’s licence number if they are just purchasing a product, it’s not relevant or necessary.
3. Make sure you are Spam Act compliant
The amendments have tightened up the practices around direct marketing. Since 2003 the Spam Act has been in play in Australia so I think we should all be fairly familiar with practices to comply with the act. The Spam Act refers to ‘Expressed Consent’, ‘Inferred Consent’ and also covers off unsubscribe practices. Learn more about the spam act.
4. Review where your data is stored
The privacy amendments introduce more stringent rules around cross border disclosure of personal information. If personal information is to be disclosed overseas the business must take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles. In essence once data leaves Australian borders other laws apply (and not always the good type). Vision6 is an Australian business so all your personal data (and your subscriber data) is stored locally with Vision6, which is important if you too are an Australian based business.
So there you have it. Hopefully, this helps you from waking up in the middle of the night in a Privacy Act cold sweat.
If you want some more information on the new Australian Privacy Principles you can download a summarised factsheet from the Office of the Australian Information Commissioner.