Have no fear, though, as the new legislation only affects Australian businesses that have annual revenues greater than $3 million and that collect personal information from individuals.
However, there are some exceptions to that (for example, if you are a health care provider), so if in doubt – seek legal advice. The good news is that if you have already been sticking to the SPAM Act then all should be fine and dandy, but some best practice guidelines on what you should do to manage your customer data and stay compliant are below.
In terms of the changes that could impact you as a small business, the main one is the 13 new Australian Privacy Principles (APPs), which look at how businesses collect, store and use personal information.
What you should start doing from now
Whilst the new law only applies to businesses with yearly revenues in excess of $3 million, there are still things you can start doing as a business now (if you're not already):
- Only collect information that you need from your customers. For example – there is no need to ask for sensitive information such as a Driver's License number from someone who has subscribed to your newsletter.
- Don't keep hold of customer information for any longer than you need to and if you haven't been given consent to use data in the first place then discard it. Click here for more information on consent.
- If you send out any email marketing communications you need to give people the option to "unsubscribe". What does this mean? Basically it means that if a customer receives an email from you and no longer wants to continue receiving them in the future, they need to be able to notify you of that wish. What's more, the "unsubscribe" option needs to appear in every single marketing communication regardless of the medium used. So, whether on a piece of mail in the post, an email, or a telephone call, people need to have the option to opt out at all times.
- If you plan to use any of the information provided overseas, then you need to take reasonable steps to ensure that there are no breaches of the data privacy principles overseas.
- You should steer clear of collecting any sensitive information, such as political beliefs, race, religion etc. as consent is needed for gathering this kind of data and it has the potential to cause problems for you.
- Try to keep on top of the latest legislation so that you are aware of any changes to it and abreast of the implications of those changes for your business.
For more detailed information on the new APPs, take a look at this quick reference tool from the Office of the Australian Information Commissioner.