| Privacy | Spam | Do Not Call Register | Business issues to consider |
Type of personal information collected (other than sensitive information) | Name, address, email address, mobile phone number | Email address, mobile phone number | “Non-business” telephone number or mobile phone number, fax number (both personal and business). | If your business collects or uses any of those details about a customer, you will need to comply with the Privacy Act 1988, the Spam Act 2003 and/or the Do Not Call Register Act 2006. |
Type of marketing/promotional activities undertaken | Specifically covers “hard copy” direct marketing but potentially covers all types of marketing and promotional activities, e.g. mail marketing, personalised brochures and flyers, personalised letter drops. | Electronic direct marketing (EDM), e.g. commercial emails, SMS, MMS. | Telemarketing calls and marketing faxes, e.g. outbound telephone calls for the purpose of cross-selling, faxes sent to customers promoting goods or services. | If you use customer personal information to promote or market your business’ goods or services, then you must comply with this legislation. Please note that each piece of legislation imposes other requirements, and there are other industry-specific obligations that you must also comply with. You should obtain legal advice specific to your needs and purpose. |
Is customer consent required to market to them? | Yes – unless the following exceptions apply: | Yes | Yes – if the mobile number or telephone number is not registered on the Do Not Call Register (that is, the telephone number or mobile number is “washed” against the list of the Do Not Call Register). | |
Is an “opt out” mechanism required? | Yes – must maintain a simple mechanism allowing the customer to “opt out” of receiving further direct mail and customer has not “opted out”. | Yes – must maintain a functional unsubscribe facility for 30 days or more after the electronic message is sent. | Generally, no but other legislation may impose specific obligations. | It is important that you have internal facilities to allow customers to “opt out” of receiving marketing and promotional material, and processes in place to record and monitor those requests. |
What must be included in the “opt out” message | “Hard-copy” direct marketing must: | Commercial electronic message must: | Generally, no but other legislation may impose specific obligations. | One way to comply with this requirement, for example, is to make sure your marketing letters contain the following statement: “If you no longer wish to receive [newsletters/sales brochures] from us, please call us on [telephone number].” In an email, you may wish to include the following statement: “If you wish to unsubscribe from receiving emails from us, click [here].” The link to unsubscribe from receiving marketing and promotional emails must work and remain working for 30 days after the date of the email. |
Time frame for “opting out” | A reasonable time (e.g. 30 days). | 30 days from the date the electronic message is sent. | Any time during the call. | See above. |
Potential penalty for breaches | Up to $1.7m. | Up to $360,000 for companies and $90,000 for individuals. | Up to $360,000 for companies and $90,000 for individuals. | In addition to monetary penalties, there is also reputational risk to your business. |