In today’s Privacy Awareness Week article we will be discussing how your business can hold personal information and use it for the purpose of direct marketing.
What is direct marketing?
Direct marketing involves the use of personal information to promote goods and services directly to an individual. Examples of direct marketing include promotional emails, cold calls and text messages.
When is direct marketing allowed?
Generally, under Australian Privacy Principle (APP) 7, your business must not use or disclose personal information for direct marketing purposes. However, there are a number of exceptions.
If your business collected the personal information directly from the individual, your business may use or disclose personal information (other than sensitive information) for direct marketing if:
- the individual would reasonably expect your business to use or disclose the information for direct marketing; and
- there is a simple way for the individual to opt out of the direct marketing and the individual has not previously made a request to opt out.
Alternatively, if your business collected the personal information from a third party, your business may use or disclose personal information (other than sensitive information) for direct marketing if:
- the individual has consented to the collection or it was impracticable to obtain consent;
- there is a simple way for the individual to opt out of the direct marketing and the individual has not previously made a request to opt out; and
- each time your business engages in direct marketing with the individual, your business includes a prominent statement, or otherwise draws the individual’s attention to the fact that the individual may opt out from direct marketing.
Your business may also use or disclose sensitive information for direct marketing purposes if the individual has given consent.
If your business is required to provide a direct marketing opt out, the Office of the Australian Information Commissioner recommends:
- a visible, clear and easily understood explanation of how to opt out (for example, instructions written in plain English and in a font size that is easy to read);
- a process for opting out, which requires minimal time and effort and that uses a straightforward communication channel (for example, direct marketing sent via email should allow the individual to opt out in a link incorporated into the direct marketing email itself); and
- an opt out process that is free, or that does not involve more than a nominal cost for the individual (for example, the cost of a local phone call, text message or postage stamp).
- If your business receives a request to cease sending direct marketing material to an individual, your business must comply with this request within a reasonable period after the request is made.
Why does it matter?
Failure to comply with the APPs may lead to penalties of up to $1.7 million (for corporations) and up to $340,000 (for individuals) if they seriously or repeatedly interfere with a person’s privacy.
If you do not think that your business currently complies with the APPs, we recommend that you rectify the issue. These tips are not exhaustive considerations and you should consult the APP guidelines or ask us for more information.
Privacy awareness week
This article is part of our series on handling personal information as part of Privacy Awareness Week. As an official partner of the Office of the Australian Information Commissioner’s privacy awareness campaign, Cooper Grace Ward will be publishing a series of articles that relate to:
- how your business can collect personal information;
- how your business can engage in direct marketing;
- how your business should handle requests to access and correct personal information;
- the importance of a social media policy; and
- how your business can organise internal privacy awareness and training.