Home Resources The Privacy Series: A defining change in privacy reforrm Compliance The Privacy Series: A defining change in privacy reform To help marketers prepare for the impact that the privacy reforms will have on the industry and our practices, we have created The Privacy Series. Each month we will deep dive into one of the key components set to reshape the Privacy Act to understand what they mean for marketers and their businesses. A defining change in privacy reform While we edge closer to the biggest overhaul of the Privacy Act since its inception, as an industry, we are hanging on tenterhooks for what the changes will entail. Some proposed changes are still under discussion, whereas others we know will definitely be part of the reforms. One key change is the definition of ‘Personal Information’. The scope of Personal Information will become significantly broader by the change of one word. Instead of ‘about’ there will be ‘relates to’. As data-driven marketers, understanding the new definition and how it affects data collection practices is crucial. So, let’s unpack this subtle yet high impact change. What is changing? Currently, the Act defines Personal Information as: information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and, whether the information or opinion is recorded in a material form or not. To the unknowing eye, replacing the word ‘about’ with ‘relates to’ may seem insignificant. However, that now means that Personal Information is information or an opinion that relates to an identified individual, which will have a major effect on data practices. Information ‘about’ a person relates specifically to their identifiable characteristics. For example, Sally Smith, who lives in Pleasantville and works at Bunnings. Whereas information that ‘relates to’ a person might show something about them that isn’t specific to the individual. For example, a specific iPhone user who likes to browse and shop online for clothes as they commute to work each day from point A to point B. The key change in the definition relates to identifiability. Currently, Personal Information is about an individual. That will change to being a member of a group who can be targeted based on information about them, regardless of whether the person/business targeting knows their name. So essentially, the scope of what is considered Personal Information has grown substantially, leaving little room for ambiguity. This means that an expanded scope of data being captured will be considered as Personal Information and therefore will be subject to regulation. As such, moving forward businesses may be exposed to a greater degree of risk of customer privacy being compromised. It would be remiss to neglect mentioning that the 13 Australian Privacy Principles will still apply. Currently the Privacy Act has 13 Privacy Principles that govern the standards, rights and obligations around the collection, use and disclosure of Personal Information. So, while the scope of the Act broadens with the new definition, the responsibility for businesses dealing with Personal Information will not change. Rather, they will just be responsible for more types of Personal information. Business impact – clean data and a clean slate Marketing is responsible for customer trust. Your customers and prospective customers trust you to do the right thing with their Personal Information. This means that the first step is to understand your current data practices. It’s a 5WH question. That is, who, what, when, why, where, and how should be asked about the Personal Information you collect and store. The most important issue is to determine what data you absolutely need and why you need it. This excludes any ‘nice to have’ or bonus data. If you hold data that you do not need, you are exposing your business to risk. This is not just a legal risk. It’s the risk of losing your customers’ trust. A result of this step is likely to mean data shedding. Taking the time and money to invest in a deep clean of your business’s data will undoubtedly be an onerous task but will also be one of short-term pain for the long-term gain. Thoroughly cleansing data as if you’re preparing for an audit or investigation is the best approach to reset your data foundations. Cleaning your data will naturally force your business to really question what Personal Information you truly need to be effective in your marketing and business operations. Taking this step will set your business up for successful compliance with the amended Privacy Act. It is particularly important in meeting the new overarching Fair and Reasonable test. The Privacy Series will explore this further in a follow-up article. However, you will need to be sure that your collection of Personal Information (in its new form) is ‘fair and reasonable’. Until guidance is available from the Privacy Commissioner, thinking about collection in terms of your own Personal Information is a good start. If you would be uncomfortable with the way your business would deal with your information, it’s unlikely to be ‘fair and reasonable’. Starting with clean data and only your essential requirements is an agile and risk-reducing approach. Where you get your data from and where it is stored is also important. Best practice is to use first-party data, rather than relying on third-party data. This means that assessing and investing in the right martech stack particularly Customer Relationship Management systems (CRMs) is essential. In the eyes of the Privacy Commissioner, all organisations will now be considered ‘data-firms’. You need to ensure that you have a compliant CRM platform to capture customer data. That CRM platform must have strong, effective, and proven cyber security capabilities. Determining how your Personal Information is collected and protected will also likely need to be re-examined and internal processes adjusted. Ensure your processes recognise the broader scope of Personal Information. Stakeholders need to be aligned in identifying what Personal Information they are collecting and why. Having a uniform approach to collect, store, and protect Personal Information is critical. Your business also needs a data breach action plan. Under the new amendments, you only have 72 hours in which to notify a breach. With so much data now considered as Personal Information, businesses should start striving for a balance of having enough data to be effective in their operations, but not too much that there is an increased risk of being in breach of the new law. Why we care as marketers – embracing the change to succeed If we strip away the legal and financial ramifications for a moment and focus solely on what unites us all, which is marketing, you will need a comprehensive understanding of the scope of what will be Personal Information to stay ahead of the curve. Marketers will now need to be creative and rethink how and where they get their data from and what data they truly need for success. Rather than spending time battling existing messy data sets and playing catch-up, fixing data sets and changing data practices starting now will see marketers quickly align with the privacy reforms. This will maximise the potential for success of future campaigns and marketing results. With compliance sorted, marketers can continue adapting their thinking and leverage the new regulatory landscape. Then of course there is the bigger picture – the customer. Creating and nurturing customer trust is paramount and these reforms are important in helping us, as marketers, rebuild that trust. Aside from wanting to be ethical in our practices and genuinely being responsible for the proper collection and handling of our customers’ data, we must also consider our brands. Marketers work tirelessly to build and promote the brands we work for. With the major reforms on the way and the scrutiny of both the public and the Government on privacy and the handling of Personal Information, any breach of the law will make headlines. And despite the notion of there being “no such thing as bad publicity”, this is definitely a news story your brand should be trying to avoid. Remember, regulators know that ‘name and shame’ is an effective path to compliance. This is one area where you do not want your name in lights. So while it seems like just a small change of wording, it is clear that the new expanded definition of Personal Information will reshape our marketing practices. This will range from what data we collect and how, to our ability to produce effective campaigns. Ultimately, it changes how we think as marketers. FIND OUT FIRST, STAY CONNECTED Sign up to receive ADMA newsletters, updates, trends, special offers, events, critical issues and more Job role*Agency Account Manager/ExecutiveAgency Account/Strategy DirectorCDOCEO / Managing DirectorClient Service / Sales ManagerClient Service/Sales DirectorCMO / CCO / Marketing DirectorCreative Director / HeadData Analyst / Scientist / EngineerDesigner/Copywriter/Creative ManagerEarly Career Data Analyst / Scientist / EngineerHead of Analytics / Analytics LeaderHead of Category/Customer Experience/InsightsHead of Marketing/BrandHead of ProductHR/Learning and Development ManagersIT Director/ManagerLegal/RegulatoryMarketing ConsultantMarketing Executive / CoordinatorMarketing Freelancer / ContractorProduct / Brand / Digital / Communication ManagerSenior Data Analyst / Scientist / EngineerSenior Marketing/Brand ManagerOther You may unsubscribe at any time using the link provided in the communication. View our Privacy Policy. Filter Resources Filter Courses Capability Capability Campaign Integration Compliance Customer Experience Marketing Technology Insights Learnings Brand Development Content Format Content Format Information sheet Member-only Press-release Article Blog Case Study Data Event Infographic Media Coverage Research Tool-kit Video Webinar Whitepaper Topics Topics CMO Spotlight Global Forum Global Forum 2023 Resource Compliance Resources CEO Blog Compliance Regulatory Content Copywriting Creative Data Data-driven Marketing Digital Campaigns Leadership Social Media Thought Leadership 18th Apr 2023 Submission in response to the Privacy Act Review Report 2022 | ADMA's response Earlier this year, the Attorney General's Department released its review of the Privacy Act. This review outlined 116 proposals - many of which ADMA supports, there are some that could fundamentally change the data-driven marketing and advertising industry as a whole. ADMA’s submission outlines positions that our members from across the data-driven marketing industry have expressed to us. To read ADMA's submission, click here. Article 27th Mar 2023 5 mins 3 things you need to know about the Spam Act Nobody likes receiving pointless marketing emails, especially if they haven’t asked for them. Spam legislation exists to set out responsibilities for organisations who send commercial emails. Article 16th Mar 2023 3 mins ADMA encourages industry discussion & input in response to Privacy Act Review Report The Association for Data-driven Marketing and Advertising (ADMA) is calling on the industry to have its say to help shape the Government’s Review of the Privacy Act. Article 23rd Feb 2023 15 mins Privacy Act Review Report proves Australia is paving its own way Can’t get your head around the recently-released Privacy Act Review Report and its sweeping raft of changes? Sarla Fernando, ADMA’s Head of Regulatory and Advocacy starts to break down what marketers need to know. Article 08th Dec 2022 23 mins ACCC Digital Platform Service Inquiry Summary On 11th of November 2022, the ACCC released the fifth interim report for the Digital Platform Services inquiry. The report discusses observed harms to consumers from digital platform services and provides recommendations and solutions for them. Article 01st Dec 2022 14 mins 5 common examples of misleading and deceptive conduct When it comes to Australian Consumer Law, misleading and deceptive conduct covers a lot of ground. Read on to learn more about it – and how to avoid it. Load More
18th Apr 2023 Submission in response to the Privacy Act Review Report 2022 | ADMA's response Earlier this year, the Attorney General's Department released its review of the Privacy Act. This review outlined 116 proposals - many of which ADMA supports, there are some that could fundamentally change the data-driven marketing and advertising industry as a whole. ADMA’s submission outlines positions that our members from across the data-driven marketing industry have expressed to us. To read ADMA's submission, click here.
Article 27th Mar 2023 5 mins 3 things you need to know about the Spam Act Nobody likes receiving pointless marketing emails, especially if they haven’t asked for them. Spam legislation exists to set out responsibilities for organisations who send commercial emails.
Article 16th Mar 2023 3 mins ADMA encourages industry discussion & input in response to Privacy Act Review Report The Association for Data-driven Marketing and Advertising (ADMA) is calling on the industry to have its say to help shape the Government’s Review of the Privacy Act.
Article 23rd Feb 2023 15 mins Privacy Act Review Report proves Australia is paving its own way Can’t get your head around the recently-released Privacy Act Review Report and its sweeping raft of changes? Sarla Fernando, ADMA’s Head of Regulatory and Advocacy starts to break down what marketers need to know.
Article 08th Dec 2022 23 mins ACCC Digital Platform Service Inquiry Summary On 11th of November 2022, the ACCC released the fifth interim report for the Digital Platform Services inquiry. The report discusses observed harms to consumers from digital platform services and provides recommendations and solutions for them.
Article 01st Dec 2022 14 mins 5 common examples of misleading and deceptive conduct When it comes to Australian Consumer Law, misleading and deceptive conduct covers a lot of ground. Read on to learn more about it – and how to avoid it.