Australian organisations still struggling to fully comprehend new privacy laws

ADMA chief highlights the lack of knowledge around the implications of Australia's new Privacy Act and its impact for marketers on customer data

Large and medium-sized organisations are getting ready for Australia’s new privacy laws but concerns remain across the industry that smaller businesses still don’t appreciate the significance of the new legislation.

The new privacy laws comes into effect on 12 March and will introduce a range of measures that companies must oblige by around customer data. These are a single set of standards called the Australian Privacy Principles that specify when information can be used for direct marketing or be sent overseas. Penalties for failing to meet the new privacy laws could cost companies up to $1.7m.

CEO of the Association for Data-driven Marketing and Advertising (ADMA), Jodie Sangster, told CMO that she believed many of Australia’s larger and medium-sized companies are on top of the changes, and have put in place processes to abide by the new rules. These include notices across customer-facing website outlining new privacy policies and rights.

But Sangster expressed concern around the readiness of SMBs and not-for-profit organisations, many of which don’t believe the privacy law changes apply to them, she claimed. The other challenge is that most of these organisations don’t have internal legal resources, staff on-hand, or budgets to hire consultancies to help them act on the information.

“Smaller marketers are challenged firstly on what they have to do, then secondly, how they get this in motion,” Sangster said.

Major challenges all organisations have faced is the notification piece and what that actually means.

“There is a question mark over what notification actually means and how organisations must notify customers,” Sangster said. “Many businesses are comfortable with sending people to a privacy policy without realising that won’t quite cut it under the new laws. There are whole new obligations to be met around proactively telling people what data you have about them. And there is a real struggle around how I do that, when I do that, and do I have to do it on an ongoing basis.”

The second recurring stumbling block is the provision around unsolicited information. According to Sangster, organisations must delete any unsolicited information obtained, nor can they use such information for any future relationship-building exercise. As an example, if someone brings a colleague or wife along to an event they have registered for, this could be unsolicited information and organisations wouldn’t be allowed to keep it.

“The question then becomes if this information has been given by someone for a business purpose, or has it just been given under a different reason. If it’s the latter, we cannot use it for future relationship building,” Sangster said.

“These are the types of things on the peripheral, not in the middle of the radar and therefore will be challenging,” she claimed. “The problem we have is that what the law says and the practicalities are often not aligned. This [unsolicited information clause] seems good in practices, but when you run every business scenario past it, it’s doesn’t work.”

To help member organisations get up to speed, ADMA launched the Data Pass responsible data practice program last October focus on the new privacy and security changes. Sangster said 40 companies have signed up to participate including Telstra, Weight Watchers, Foxtel and Amaysim.

“There is a big need for education throughout the whole industry,” Sangster claimed. “The reaction that we’ve had so far to the classes is that many don’t realise there’s so much to it. Data touches all parts of the business, not just the compliance person and anyone in the organisation that touches data needs to be aware of the changes."

While concerns remain around how prepared organisations are for the privacy crackdown, Sangster said it hasn’t hindered the rise of data-driven marketing across Australian businesses.

“Either organisations have made the changes and they’re ready, or they continue to feel they are compliant with the law as they are, so no one has said ‘stop’,” she said. “That did happen, however, when the spam act came in.”

Sangster’s key tips on getting on top of privacy law changes
  • Do a data audit: Organisations need to get a grip on what has to be done as a first step, even down to single data spreadsheets.
  • Get your front-facing information in order first: This includes the customer privacy policy, opt-out notifications and disclosure statements. These will at least be compliant while you then work on ensuring the whole back-end processes in your organisation meet the new privacy obligations.
  • Train your staff: Teams need to be trained to understand what they have to achieve and abide by, Sangster said. She pointed out there are a number of free tools available around digital privacy and policies from not only ADMA, but also legal firms and other associations. These are a good starting point for getting a grip on what needs to be done.
  • Tackle the new compliance policies in marketing: Sangster encouraged marketers to work on the wording of any new privacy and compliance statements, rather than leave them in the hands of legal teams. This will ensure that any information is couched in a customer approach and is therefore easier to understand as an end consumer.

Follow CMO on Twitter: @CMOAustralia, take part in the CMO Australia conversation on LinkedIn: CMO Australia, or join us on Facebook: https://www.facebook.com/CMOAustralia

Signup to CMO’s new email newsletter to receive your weekly dose of targeted content for the modern marketing chief.

Join the CMO newsletter!

Error: Please check your email address.
Show Comments

Supporting Association

Blog Posts

Top tips to uncovering consumer insights for business innovation

An in-depth understanding of consumers sits at the heart of what we all need to do, but we know it’s not always easy to uncover insights that will unlock a true innovation opportunity.

Matt Whale

Managing director, How To Impact

Is your customer experience program suffering bright shiny object syndrome?

You may have heard of ‘bright shiny object syndrome’. The term is used to describe new initiatives undertaken by organisations that either lack a strategic approach, or suffer from a failure to effectively implement.

Leveraging technology to stand out in the sea of sameness

The technology I'm talking about here is data and marketing automation. Current digital marketing methodology, much as it is practiced at Bluewolf, dictates the need for a strategy that does four things: Finds the right audience, uses the right channel, delivers the right content, and does all of that at the right time.

Eric Berridge

CEO and co-founder of Bluewolf, an IBM Company

Lead Management is very important part of the process. For anyone running Facebook Lead Ads I would recommend using this service.Get your...

Dirk Lo

How this fintech startup is improving content marketing and lead generation

Read more

I am agreeing with Mr. Tyron Hayes that a measured test-and-learn approach could be missing opportunities to not only better engage custo...

rush essay reviews

CMO interview: How Curtin University’s marketing chief is using test and learn to cope with complexity

Read more

Excellent!

Dr Sadasivan,US

Shakespeare shows data and creativity aren’t Montagues and Capulets

Read more

Great article! Agreed with all... Matthew Lerner, Deeps De Silva... When a company has a great product that solves customers needs, a gre...

James Tyler

Why marketers are embracing growth hacking techniques

Read more

Very good article, Social media analytics helps in problem identification. They can serve as an early warning system for negative custome...

BizVinu

Four ways to use social media to boost customer loyalty

Read more

Latest Podcast

More podcasts

Sign in