Okay … this may seem a little dry, but hang in there; we will get to the nitty gritty as quickly as possible.
Email and SMS marketing in Australia is impacted not only by the Australian Spam Act 2003, but also by the Privacy Act 1988 (as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012). The Privacy Amendment Act came into force on 12 March 2014 and created a single set of Australian Privacy Principles (APPs) applying to both Australian Government agencies and the private sector, with some special situations for the medical profession. Whilst the Privacy Act does not apply to small businesses (those with an annual revenue of less than $3,000,000), it is best practice to adhere to the legislation regardless of your size.
As I see it, the most important change in the Privacy Act was more stringent disclosure about where your data can be stored, and ensuring that government agencies do not store their data offshore except in some very specific situations. NB: if you do provide your data to offshore organisations, you are responsible for ensuring that they do not breach the Australian Privacy Principles.
When undertaking email and SMS marketing, in order to comply with the Privacy legislation we recommend that you:
- Use eNudge, because your data is stored on Australian servers, not offshore, and because eNudge makes it easy for people to unsubscribe (this requirement is now included in both the Privacy legislation and the Australian Spam Act).
- Only store in eNudge the information that you absolutely require in order to be able to personalise your messages and analyse your campaign results.
- Do not store or personalise on government identifiers, e.g. tax file numbers and the like.
- Document and follow your privacy policy, and have it easily accessible via your website.
- Include a link to your privacy policy within your email message – your email footer is the best place for this.
What should be in your privacy policy?
- The kinds of personal information you collect & keep.
- How you hold it, e.g. with eNudge you might say that your information is stored in a secure online database, within Australian servers, and only accessible by appropriate employees.
- For what purpose you collect, store, use and disclose the personal information, and most importantly, identifying where the disclosure may take place overseas, including identifying the country.
- How a person can view & request correction of the personal information you are storing about them.