Data Privacy: Australia’s New Privacy Principles

dotMailer’s Best Practice and Compliance guru, Tom Corbett, gives a quick overview of Australia’s new data privacy laws.

This month, the Australian Privacy Principles (APP) came into effect – a comprehensive list of new privacy laws that apply to Australia.

If your brand operates in Australia, this will affect you. In particular, sweeps competitions, promotions, email campaigns and surveys – i.e. operations designed specifically to harvest customer data – will be affected.

In short, the new laws make it now compulsory for organisations in Australia to notify new and existing customers about all of the personal data they collect – and most importantly, what they’re going to do with it.

Many organisations already have an obligation to data privacy but now this covers a need to publish a ‘Notification of Data Collection’.

The Australian Communications and Media Authority, the responsible authority for oversight of the new regulation, has already stated that they will be naming and shaming brands that breach protocols. Obviously, The Office of the Australian Information Commissioner (OAIC) released guidelines towards compliance in late February – which are thankfully straightforward. Among the most prominent points are:

• ‘Opt-outs’ are now required to be very prominent in marketing materials – special consideration needs to be made for third-party data and ‘inferred consent’ entries.
• Classifications of tracking data (e.g. interaction data and cookies) now treated as personally identifiable data

The Association for Data Driven Marketing and Advertising (Australia’s DMA) has a massive online resource towards helping brands comply, including checklists and data breach responses. The below graphic illustrates their definitions towards compliance.

Could this be an end to the market in email lists? We can only wait and see how this plays out over the coming months. However, the issue of privacy is ever changing, and as a result we’ll be starting a new blog series on promoting international data hygiene, helping ensure good list hygiene and mitigating future risks in changes to privacy laws.

DISCLAIMER: This article is meant purely for reference, and should not be taken as formal legal advice. Please refer to the Office of the Australian Information Commissioner for additional information.