
Direct Marketing & Privacy – Health Check

Privacy | Spam | Do Not Call Register | Business issues to consider

Type of personal information collected (other than sensitive information)
Privacy: Name, address. Email address, mobile phone number.
Spam: Email address, mobile phone number.
Do Not Call Register: “Non-business” telephone number or mobile phone number, fax number (both personal and business).
Business issues to consider: If your business collects or uses any or some of those details about a customer, you will need to comply with the Privacy Act 1988, the Spam Act 2003 and/or the Do Not Call Register Act 2006.

Type of marketing/promotional activities undertaken
Privacy: Specifically covers “hard copy” direct marketing but potentially covers all types of marketing and promotional activities, e.g. mail marketing, personalised brochures and flyers, personalised letter drops.
Spam: Electronic direct marketing (EDM), e.g. commercial emails, SMS, MMS.
Do Not Call Register: Telemarketing calls, marketing faxes, e.g. outbound telephone calls for the purpose of cross-selling, faxes sent to customers promoting goods or services.
Business issues to consider: If you use customer personal information to promote or market your business’ goods or services, then you must comply with this legislation. Please note there are other requirements imposed by each piece of legislation, as well as other industry-specific obligations, that you must also comply with. You should obtain legal advice specific to your needs and purpose.

Is customer consent required to market to them?
Privacy: Yes – unless the following exceptions apply:

  • An organisation may use the customer information for direct marketing if it collected the information directly from the customer and he/she would reasonably expect it would be used for direct marketing.
  • An organisation maintains an “opt out” facility and the customer has not opted out.
  • An organisation must draw the customer’s attention
Spam: Yes
Do Not Call Register: Yes – if the mobile number or telephone number is not registered on the Do Not Call Register (that is, the telephone number or mobile number is “washed” against the list of the Do Not Call Register).

Is an “opt out” mechanism required?
Privacy: Yes – must maintain a simple mechanism allowing the customer to “opt out” of receiving further direct mail, and the customer has not “opted out”.
Spam: Yes – must maintain a functional unsubscribe facility for 30 days or more after the electronic message is sent.
Do Not Call Register: Generally, no, but other legislation may impose specific obligations.
Business issues to consider: It is important that you have internal facilities to allow customers to “opt out” of receiving marketing and promotional material, and processes in place to record and monitor those requests.

What must be included in the “opt out” message
Privacy: “Hard-copy” direct marketing must:

  • contain a statement that a request to “opt out” can be made.
Spam: Commercial electronic message must:

  • contain a statement saying that the customer may use an electronic address set out in the message to unsubscribe
  • contain sender information (that is, the business sending the message)
  • be sent from Australia (that is, must have an Australian link).
Do Not Call Register: Generally, no, but other legislation may impose specific obligations.
Business issues to consider: One way to comply with this requirement, for example, is to make sure your marketing letters contain the following statement:
“If you no longer wish to receive [newsletters/sales brochures] from us, please call us on [telephone number].”
In an email, you may wish to include the following statement:
“If you wish to unsubscribe from receiving emails from us, click [here].”
The link to unsubscribe from receiving marketing and promotional emails must be working and remain so for 30 days after the date of the email.

Time frame for “opting out”
Privacy: A reasonable time (e.g. 30 days).
Spam: 30 days from the date the electronic message is sent.
Do Not Call Register: Any time during the call.
Business issues to consider: See above.

Potential penalty for breaches
Privacy: Up to $1.7m.
Spam: Up to $360,000 for companies and $90,000 for individuals.
Do Not Call Register: Up to $360,000 for companies and $90,000 for individuals.
Business issues to consider: In addition to monetary penalties, there is also reputational risk to your business.
