Skip to content

Privacy Act – 13 principles every marketer should know

Privacy Act – 13 principles every marketer should know

Share this blog

Did you know there are 13 Australian Privacy Principles (APPs) which can significantly impact marketing campaigns in the way data is collected, used, stored and archived?

With the rise of cyber threats, it’s vital marketing and communications professionals are aware of the privacy principles to not only protect clients and the business, but also the data we are collecting.

Here’s how each APP can affect marketing practices:

  1. Open and transparent management of personal information: Privacy policies need to be clearly communicated and available to consumers, detailing how personal information is collected, used, and managed. Regularly check privacy policies on your website(s) meet industry standards. Transparency with AI is the next big thing, and any data filtered through AI tools should explicitly state this at the point of data gathering.
  2. Anonymity and pseudonymity: Provide options for individuals to interact anonymously in situations where identity verification is not necessary. This could be commenting on a website, surveys and feedback forms, or in marketing campaigns creating pseudonym personas like “The Guru”, to talk about products.
  3. Collection of solicited personal information: Only collect personal information that is necessary. Avoid excessive data collection and be clear about why each piece of information is required. This is often found in sign up campaigns and data may include, name, email address, phone numbers, and birthday e.g. for special birthday discounts.
  4. Notification of the collection of personal information: When collecting personal information, consumers must be informed about the purpose of the collection, how it will be used, and any potential disclosures. This includes updating privacy policies and providing clear notices at the point of data collection.
  5. Dealing with unsolicited personal information: Receiving personal information when not requested must be handled appropriately. This information might have been received from third-party platforms or public sources. Organisations must securely dispose of or de-identify this information.
  6. Direct marketing: Provide clear options for consumers to opt-out of receiving direct marketing communications (enewsletters / SMS). Respecting opt-out requests is essential; once someone opts out, all communications to them from that channel must cease as soon as possible. Including a question about why a consumer is choosing to unsubscribe can offer valuable actionable insights into consumer preferences and potential dissatisfaction.
  7. Use or disclosure of personal information: Only use personal information for the purpose(s) for which it was collected, unless you obtain additional consent for other uses or if an exception applies. And only share or sell this data to third parties if it was made clear at the point of data collection that this may occur.
  8. Cross-border disclosure of personal information: If a marketing campaign involves sharing personal information with overseas entities, marketers must ensure the third-party organisations comply with the APPs and obtain explicit consent from individuals for cross-border data transfers.
  9. Adoption, use or disclosure of government related identifiers: Avoid using government related identifiers such as Tax File Numbers, Medicare numbers, Passport or identifications, for marketing purposes as these are subject to strict controls.
  10. Quality of personal information: Marketers must ensure the personal information they use is accurate, complete, and up to date. This involves regular data cleaning and verification processes.
  11. Security of personal information: Implement robust technical and organisational security measures to protect personal information from unauthorised access, misuse, or breaches. Marketing tools like Campaign Monitor, Mailchimp and HubSpot, often have their own safeguards including industry standard data encryption protocols.
  12. Access to personal information: Provide individuals with access to their personal information upon request and allow them to correct any inaccuracies. This could be via a login option to manage their own details and subscriptions.
  13. Correction of personal information: If individuals request corrections to their personal information, marketers must promptly update their records to ensure accuracy and completeness.

We are living in the cyber age, with more and more threats to the digital identity, it’s vital that businesses protect their clients and are transparent and take appropriate care of data. By adhering to these principles, you can build trust with consumers, avoid legal repercussions, and create more effective and responsible marketing campaigns.