The new privacy Amendment Act and its rules around how marketers can use personal data is now just over four months old, but despite the big implications associated with crossing the act awareness and understanding of the updates are low.
“Despite the best of intentions, I don’t think most people in the industry are even aware of the changes,” says Dan Monheit, director of strategy and owner of Melbourne’s Hardhat Digital.
“Legal departments are definitely where things are being felt.”
The Privacy Amendment Act came into effect from March 12 this year and introduced thirteen Australian Privacy Principles (APPs) which outline how organisations can collect, handle, process and use personal information for marketing purposes.
If you breach the Act you could be handed a fine up to a soul-crushing $1.7m.
Luckily, the Office of the Australian Information Commissioner (OAIC) made it clear that it would not be rushing to issue fines for breaches.
“Instead OAIC has indicated it wants to work with all sections of business to clarify policies in order to avoid difficulties further down the track. This is great news for all in the industry,” says Alice Manners, chief executive of the Interactive Advertising Bureau (IAB).
But that time will come to an end.
And so here is a list of 10 things you want to avoid. At all costs.
Ten privacy mishaps that will stuff you up (in no particular order)
1. Hitting $3m turnover
You might be thinking it’s time to pop open some champers but this success could bite you on your rich behind according to Hardhat Digital’s Monheit.
“If you’re a small business doing $2,999,999 in revenue a year, one extra dollar will push you over the threshold at which point all the new laws apply to how you collect and use data. Good news for your lawyer if nothing else,” he says.
Bad news however for the small businesses which are not exempt and must comply even though their turnover is less than $3m. According to the Interactive Advertising Bureau’s (IAB) chief executive Alice Manners these unlucky small businesses include health service providers, organisations trading in personal information, credit reporting bodies and organisations related to a larger body corporate.
2. Still using your old privacy policy (duh)
“Neglect to update (or create) your Privacy Policy at your own peril,” Manners warns. “Make sure it clearly explains what personal information you collect and make sure it’s always current, clear and accessible. Then ensure that you update your internal policies to reflect the changes and train your staff to support it.”
3. How did you know that?
Brands need to be 100% transparent about the information they are collecting on their consumers, why and where. “Privacy is becoming of ever greater concern to the average consumer and if we don’t gain their trust it is clear the government is prepared to make our lives difficult,” M&C Saatchi’s data strategy director, Andrew Newell, says. Brands must also give consumers control over how their information is used and how they can opt out. “When consumers understand what’s being used and why, they are less likely to be threatened by it and you are less likely to have issues,” Manners explains.
4. Partnerships with shady offshore suppliers (or your global partners)
“You’re now responsible for what they do with the data you collect,” Monheit warns. And if you are sharing personal information overseas “you must take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles,” Manners adds.
5. Being greedy…and collecting unnecessary information
“Focus only on personal information that is necessary for your business functions or activities,” says Manners. Daad Soufi, regulatory affairs director at the Association for Data-driven Marketing (ADMA), says brands need to allow consumers to engage with them either anonymously or via a pseudonym. “Where this is possible, consumers should not be compelled to disclose their personal information.” “This ensures that consumers have some control over their personal information and also ensures that organisations align their collection practices to that which is relevant to their day-to-day business.”
6. How the heck do I unsubscribe?
If your consumers are thinking this you have made a privacy boo-boo. Every communication using private data needs to carry a clear and concise option to unsubscribe. “ACMA’s spam email reporting address now makes it very easy for corporations to be reported for breaches of this.”
7. Untrained staff
“Ensuring staff are aware of the privacy changes so that they provide the correct information to consumers which also ensures the organisation is portrayed as being compliant. This helps avoid complaints,” Soufi explains.
8. Confusing opt ins and outs
A balance needs to be found between individual opt ins for a brand’s different products and one blanket opt in. “Too many different opt ins can be confusing for the consumer and hard to manage for the brand,” M&C Saatchi’s Newell says. “Having just the one opt in for everything can create a problems as an opt out from one slightly off-targeted communication or from one relating to a product no longer required needs to be applied across the board.”
9. Using out of date definitions
To comply with the new Privacy laws you obviously need to be working with the new definition of personal information. “It now includes any information or an opinion about a person if that person is ‘reasonably identifiable’ and it applies even if information is untrue or not recorded in material form,” IAB’s Manners explains.
10. The summer of 2038
“The changes pushed through in 2012 were a major update to the 1988 Privacy Act. Assuming the pace of government stays the same, get yourselves ready for a big one in another 24 years,” Hardhat Digital’s Monheit explains.
