New Page 1

SPAM & CHIPS

An introduction to privacy law for smaller businesses

Privacy is constantly in the news – often associated with new technology or major computer systems (hence ‘chips’ J ). And now there are controls over commercial electronic messaging (‘Spam’) which seem to overlap with privacy laws.

Q. How do these laws affect smaller businesses?

A. Should not be a major problem, and there is a low risk of penalties, but businesses should be aware…

Privacy Act 1988

Application to private sector generally since 2001/2
Small business exemption (< $3 million turnover) but not if you ‘trade’ in personal information or handle health information
Employee record exemption – but limited and under review
Combined effect – many small businesses currently exempt
National Privacy Principles – ‘good housekeeping’ for personal information
Personal information is anything that relates to an individual, even in a business capacity
Main emphasis is on notification (privacy policy or statement) and security
Includes limits on direct marketing, but only requires you to offer ‘opt-out’, but not even this if use is related to purpose of collection, and is ‘reasonably expected’.
Limited sanctions – complaints to Office of the Federal Privacy Commissioner (OFPC) and theoretically unlimited compensation, but no fines or criminal offences, and OFPC grossly under-resourced, and not a strong enforcer to date.

More information: www.privacy.gov.au

Privacy issues

Hot topics include: Health records; Smartcards and RFID; Workplace monitoring; Credit reporting; Debt collection; Tenancy blacklists; CCTV and Mobile phone cameras; Spent convictions; Biometric identification; Genetics and DNA; Telephone interception; Data-matching, and much, much more. (see www.privacy.org.au )

These issues still have to be managed, even if Privacy laws don’t strictly apply …. They may not affect you now, but they are not going away!

Spam Act 2003

Since April 2004 – applies to anyone sending unsolicited commercial E-mail (also SMS/MMS but not phone or fax) – not just in bulk.
Must have prior consent (opt-in). This can either be express or inferred
Consent can be inferred either from an existing relationship (not just a one-off purchase) or from conspicuous publication of the address (but this only allows relevant messages)
All commercial E-mail must identify sender and have a ‘functional unsubscribe facility’ – 5 days to act on a request to stop sending
Major penalties – up to $220,000 ($1.1 million for repeat breaches)

By comparison with the Privacy Act, the Spam Act seems draconian, BUT ….

Aimed primarily at real ‘junk’ – mostly overseas origin
Australian Communications Authority (ACA) has limited resources to monitor & investigate.
ACA will focus on major spammers, and overseas cooperation
Provided unsubscribe facility offered, unlikely to be penalized just for absence of prior consent.
Prior consent in any case likely to be interpreted liberally – certainly any email address obtained from business cards, stationery, web sites etc are still fair game for relevant marketing (but not using address-harvesting software)

More information: www.acma.gov.au – go to ‘Spam’ pages

And as a consumer …

We are all individuals as well as in business – as such we have the same rights as our customers under both the Privacy and Spam Acts to complain if other organizations breach our privacy. Government agencies are also subject to privacy laws – federal or state (see www.privacy.gov.au and www.lawlink.nsw.gov.au/privacynsw.

Home Page