SYDNEY – The Australian government has drawn up a new privacy
code that bars transfer of data to US list companies without adequate protection. The Australian DMA supports the move and plans to integrate it into the ADMA's own privacy code.
The guidelines, titled “National Principles for the Fair Handling of Personal Information”, state that an organization can only “send personal information overseas if it will be properly protected there.”
Proper protection means that companies must keep information secure, be open about handling personal data, give people access to the information and include an “opt out” provision to decline further DM communications.
Businesses may only collect personal details that are actually needed. They must let people know what they intend to do with the information, and can only gather data directly from individuals, rather than from other sources.
Information may only be used in the form an individual has approved. Collection of data about people's race, religion, sex life or political beliefs is strictly limited.
The new code was drafted by the Federal Privacy Commission this spring and is expected to win final approval in September, thus becoming law well in advance of the EU data protection directive's due date of October 24.
Without the law Australian companies might have faced problems dealing with European companies, ADMA spokesman Scott McLellan said. The directive bars data transfer to nations without adequate privacy safeguards.
“This was one reason for drawing up a new code. It will mean ADMA's code will match the requirements of the European law,” he added.
Another was the explosive growth of direct marketing during the Australian recession of the early nineties when marketers began looking for more cost-effective methods to sell products and services.
The Australian DM industry now accounts for upwards of A$6.32 billion ($3.76 billion) a year.
But this unchecked and rapid expansion brought criticism from members of the public and politicians.
Prime Minister John Howard, who has generally taken a liberal view of direct marketing, said in March 1997 that he would not introduce privacy legislation for the private sector, preferring to work through industry codes of practice.
His hand was forced by several Australian states, however, who moved into the guideline vacuum with threats to introduce their own local privacy legislation.
This past winter the government convened several “sweatshop meetings” with representatives of teleservices, financial services, direct marketers (including the ADMA's CEO Rob Edwards) and consumer groups.
“It wasn't easy,” said Edwards. “There were many issues of contention, but at the end of the day I believe that the industry will be able to work with the outcome and the agreement we reached will appease privacy advocates.”
He said the guidelines also represented a “good start” towards developing an appropriate privacy regime for the twenty-first century, when direct marketers increasingly will utilize new electronic technologies.
The government's privacy commissioner, Moira Scollay, said she hoped the code gives consumers a “comfort zone” as far as their personal data is concerned, while safeguarding legitimate business needs.
Most direct marketers in Australia have welcomed the guidelines.
“It's good for customer business, quite frankly, to ensure that your customers have a level of trust in what you're providing,” said Di Collins, director of public affairs for American Express.
“We simply didn't cost it out. It's part of the culture,” she added.
American Express already has own its guidelines, which include the commitment to only collect information as necessary and dismiss employees for privacy breaches.
Except for serious crime investigations, the company notifies cardholders before releasing information, giving them a chance to veto access.