All direct marketing communications that use personal information may need to include an opt out option under the new privacy laws that come into effect today.
Met with a resounding “oooh” around the room at The Communication Council’s privacy workshop in Sydney yesterday morning, Stephen von Muenster, from von Muenster Solicitors & Attorneys, said that although the Australian Privacy Principle (APP) 7 says personal information cannot be used for direct marketing, there are a few exceptions.
APP 7.1 states: “If an organisation holds personal information about an individual, the organisation must not use or disclose the information for the purpose of direct marketing.”
However there are a number of exceptions to this rule, outlined further on in APP 7 – Direct Marketing.
According to von Muenster, there must be some sort of functional opt out option for all direct marketing communication in line with their technical platform, whether that be an unsubscribe button on email, information about cookies and where not to accept or sending STOP on a txt message.
The new privacy laws were brought in to try and keep up to date with the rapid changing technological landscape and the Australian Government introduced the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth).
The Act introduces the APPs a set of mandatory privacy principles which replace the National Privacy Principles and the Information Privacy Principles contained in the Privacy Act 1988 (Cth).
Unless you’ve been living in a bubble, clients are going to be collecting personal information, von Muenster also remarked.
“The days of not worrying about who your consumers are and not wanting to understand the who, what, when, where and how of what they’re buying and consuming and the reasons for it are pretty much over.
“Everyone’s collecting something these days.”
The use of personal information, what is considered personal information and how you obtain it was one of the key points from the new laws, and what is considered personal information is that which is information or opinion about an identified individual or information about an individual that is reasonably identifiable.
Basically, if you can easily identify a person without the obvious name and address, that may be considered personal information, according to von Muenster.
Another key aspect to the laws is the inclusion of a “collection statement” of solicited personal information, which von Muenster recommends having a tick box for the consumer to agree regarding the use of their personal information to ensure consent.
“The data collection statement is, in my view, the root of all good or all evil when it comes to your consumer database. If you get it right, there’s a lot you can do and if you get it wrong, you might have problems.
“If you collect personal information you must take reasonable steps to notify the individuals of certain matters at or before the time of collection.”
The new laws apply to all organisations that collect personal information with a minimum annual turnover of $3 million.