Is Your Email Marketing Compliant With Australian National Privacy Principles?
Like most of us, you are probably wondering what all the fuss about the National Privacy Principles is. Most new acts or changes in legislation make you feel like you need a legal translator to make any sense of them.
As a provider of Email and SMS Marketing services, helping clients collect customer information and actively collecting customer information ourselves, we feel twice as responsible.
We’ve been diligently working on our own system and business compliance, and are now happy to pass that experience on to you.
Here’s a bit of background.
In late 2012 the Federal Government enacted the Privacy Amendment Act of 2012 and the new laws come into force on March 12. The amended act sees the National Privacy Principles and Information Privacy Principles replaced with a new set of 13 Australian Privacy Principles (APPs).
National Privacy Principles may require your organisation to:
- Identify the types of personal information it holds, collects, uses and discloses
- Amend contracts
- Train staff and engineer compliance into its systems
The main groups the Australian National Privacy Principles are broken into are:
- Companies with turnover of $3 Million or less
- Companies with turnover of more than $3 Million
- Health Care Providers (special inclusions etc)
BrandMail has clients in each camp, and there is no clear “one-size-fits-all” approach. However, there are common elements to the changes in the act that apply to everyone. It is worth noting that smaller businesses with a turnover of $3 Million or less are not considered APP entities.
There are exceptions of course, and it is best to seek legal advice if you wish to be sure. We are focused on helping everyone who uses email marketing services, so we created:
5 Ways to Comply With Australian National Privacy Principles
2. Don’t collect unnecessary information
Working through these privacy amendments, it becomes very clear that collecting information not reasonable for the function of your business is frowned upon. Collecting items such as passport numbers or other sensitive ID documents not necessary for business may see you having to justify the reason for their collection.
3. Make sure you are Spam Act compliant
You will also notice that the amendments have tightened up around direct marketing. The Australian Spam Act has been with us since 2003, so a best-practice approach to your email marketing should lock in your compliance here. Please make sure your “Expressed Consent” and “Inferred Consent” are in place, and that you provide clear and obvious unsubscribes in your emails.
Learn more about the Spam Act.
4. Review where your data is stored
National Privacy amendments have also introduced more stringent rules around cross-border disclosure of personal information. Keeping personal information on your customers, even just names and email addresses, requires you to take reasonable steps to make sure your provider (email marketing service, CRM etc) is not breaching National Privacy Principles.
Once personal data leaves Australian borders, international laws apply (not always in the interest of your business or customers).
BrandMail is an Australian business with Australian infrastructure and hosting. Its services, including customer information and their subscribers’ personal information, are kept within Australian borders.
5. Let them know
- Update ALL Auto-response emails (after 12th March 2014) from all web pages to include your notification statement and a clear opt out
- Include an updated Email Footer that links to your new notification statement
- Ensure ALL emails have clearly marked Unsubscribe buttons/links, even on “View Online” versions of the email
All of our “Done For You” services now include a National Privacy Principles update in the standard set up.
Whether this relates to you or not, it’s good practice to treat your subscribers with respect and make sure you are compliant while taking every precaution when handling your customers’ information.