Five things you need to know about the new privacy legislation (before it’s too late!)


Enlightening data is emerging as many firms’ most precious asset. As technologies advance, marketing methods, and where and how data is collected, have changed dramatically over the last decade.

Organisations are creating data at rates never seen before, from customer transactions, web communities, website visits, smart devices – the works. With this comes a responsibility to take privacy more seriously.

Therefore, legislative reform has come into place to formalise best-practice business procedures, compel businesses to review their marketing strategies and put data management processes in place to protect the consumer.

The new privacy laws came into effect on 12 March 2014, and for the first time, Australian businesses are facing serious penalties if they don’t follow the guidelines. So what does it all mean for SMEs? Is your business ready? Here are five things small business owners will need to know about the latest privacy law changes.

1. What is it?

The 13 new Australian Privacy Principles (APPs) focus on how businesses collect, store and use personal information. Replacing the existing Information Privacy Principles and National Privacy Principles, they take some important steps in protecting privacy, particularly with the collection and use of data online.

They also give the Privacy Commissioner expanded powers to investigate firms without waiting for a complaint to be made first, and to enforce penalties: up to $1.7 million for each contravention by the company and $340,000 for individuals, to be exact.

2. Who does this affect?

The new legislation only affects those Australian businesses with annual revenues greater than $3 million and who collect personal information from individuals.

But, just because businesses don’t fall into this category doesn’t mean they shouldn’t follow the rules. The APPs represent best practice for all businesses. Additionally, when an SME business does tick over the $3 million mark, it will be a lot more efficient to know that data collected and procedures in place are compliant and useful.

3. When is it all happening?

The APPs came into play on the 12th March 2014, so in order to avoid fines you need to be fully compliant.

4. How can you comply?

According to Salmat, there are some general practices every business can apply:

  • Only collect information you need.
  • Ensure that individuals know what you are collecting and why – preferably at the point of collection with a link to your privacy policy. For example, you need to tell any visitors to your website if you are collecting information on their browsing habits, and why.
  • Provide customers/prospects with the option to be anonymous, unless of course it is impractical to the business function; for example, you may need it for delivery purposes.
  • You’re allowed to use personal information for direct marketing, but always include a simple opt-out process.
  • Will information be sent overseas? One of the most significant changes to the privacy laws means you now need to take “reasonable steps” to ensure the principles are not breached overseas.
  • Don’t keep information you no longer need, didn’t ask for or didn’t collect in the first instance.
  • Avoid collecting any sensitive information (for example, race or health status), as consent is required and it can get very messy.
  • Most importantly, assign a “champion” in the office, so they are up-to-date with the latest legislation, as it could change in the future.

5. If legal speak doesn’t render well with you and all the Acts are confusing, swipe these resources:

ADMA Code of Practice – for guidance on industry best practice for conduct in relation to marketing and advertising and the use of data.
ADMA Group Buying Code of Practice – sets an industry standard of conduct for group buying platforms.

The Australian Best Practice Guideline for Online Behavioural Advertising – this provides guidance on the use of web browsing data for online targeted marketing.

The Australian e-Marketing Code of Practice – this provides a detailed compliance overview of how to comply with the SPAM Act.

Nalini Kara is the Product Director for Data Services at Salmat Digital. Her experience as a Data Analyst and Modeler goes back over 20 years.