Update from ICON regarding COVID-19

Issues such as privacy, fair trading, spam and telemarketing have a huge impact on the ability to market a product or service. Complying with the relevant legislation and laws not only makes financial common sense: it creates a bond of trust with consumers.

Tomorrow, March 12 2014 sees new Privacy laws come into effect in Australia which will change the way we collect data and how we can use it for marketing purposes.Privacy act

There are now 13 privacy principles and they are now divided into 5 important categories:

  • General
  • Data collection
  • Use of personal data
  • Integrity of data
  • Access and correction

Download the 13 point privacy principles here.

One key point to note is that small businesses (with a turnover of $3 million or less) are exempt from the new Privacy Act unless they are:

  • a health service provider
  • a trader in personal information
  • related to a larger business
  • a contractor with Commonwealth
  • a reporting entity under the AML/CTF Act
  • an operator of a residential tenancy database.

In response to the new Privacy Principles, BRW recommends companies implement seven key steps to ensure compliance.

  1. Implement a privacy policy, or amend an existing policy: Every business needs a privacy policy to comply with the new Australian privacy principles; those with an existing policy will need to amend it.
  2. Know what “personal information” you collect: Business must be aware of the personal information it collects, its primary purpose for collection and its responsibilities for storing, using and disclosing that information.
  3. Examine all contracts with overseas suppliers: Under the new reforms a business may be held responsible for any privacy breaches committed by overseas suppliers. Contracts may need to be amended or data transfer deeds introduced.
  4. Review direct marketing processes: Can recipients opt out? Are consent requirements in place where necessary?
  5. Implement inquiry and complaint-handling processes: Businesses must implement procedures and systems to enable it to deal with privacy inquiries and complaints.
  6. Train staff: A rookie mistake is no excuse – business is responsible for ensuring staff understand privacy requirements. This can be achieved through internal compliance guidelines and staff training sessions.
  7. Appoint a Privacy Compliance Officer: Business can benefit from having a compliance officer who is across all of the privacy issues and who can act as the central point for privacy inquiries and complaints.