Title Image

Protecting Consumer Privacy in the Digital Age.

Protecting Consumer Privacy in the Digital Age.

On the 12 March 2014 the Australian Government made effective some changes to the current privacy laws around how to collect, manage and use consumer information.

Behind these changes is the growing appetite by Australian businesses and organisations to capture personal and behavioural data in an attempt to understand everything they can about consumers from consideration to purchase and beyond – via both online and offline channels.

The new privacy amendments are in place to add a layer of protection to consumer privacy in an increasingly digital and data-driven world.

So what are the changes and who are they relevant to?

The changes provides businesses with a set of mandatory principals (Australian Privacy Principles or APPs) that apply to all organisations that collect personal information and have a minimum annual turnover of $3 million.

Summary of key changes:

  1. The privacy commission department has more enforcement powers. They can proactively look at companies and decide if they are in breach and if so, they can issue fines of up to $1.7 million. They can also publically name and shame a company and order them to fix the issues.
  2. Businesses and organisations must make it clear when consumer information is being collected and consumers must be asked to opt-in. This collection statement needs to tell them how their data is going to be used and where it’s going to be held. Any changes to the way businesses and organisations manage and use data need to be communicated back to consumers.
  3. Consumers have the right to choose to remain anonymous. They are empowered to decide what information they do and don’t share.
  4. Opportunities to easily opt out of communications using appropriate technology must be on every single piece of marketing material across every single channel. And most importantly if consumers do choose to opt out, they must be suppressed from future marketing communications.
  5. All parts of the business need to be compliant e.g. I.T, Marketing, Customer Service etc.
  6. Businesses and organisations must be able to answer direct questions from consumers regarding where their data was sourced, what information they hold and enable them to make changes to their records as needed.
  7. Businesses and organisations cannot collect data unless it is considered to be reasonably relevant to the products/services that it provides.

Privacy check list for relevant businesses and organisations:

  • Ensure systems, procedures and practices are in place across all departments.
  • Ensure all staff are trained and complaint with the company privacy policy.
  • Create an up-to-date privacy statement that consumers have access to.

Recommendations for privacy statements are:

  • Easy to read
  • Short and concise
  • Plain language
  • Use of headings to enable consumers to easily navigate content
  • Key summary points at the beginning of the document
  • Accessible to all types of consumers, via all relevant channels
  • Appoint someone to be in charge of consumer privacy and make it clear how to contact this person or department

Summary from a CRM perspective:

Make sure you are focusing your marketing efforts on consumers who are most likely to want to have a relationship with you.

This can be done by:

  • Inviting them to share their data with you (rather than taking it)
  • Giving them compelling reasons to give you permission to use it e.g. demonstrate how you enhance the value and experiences for them
  • Only collecting data that you intend to use at any given stage
  • Making it easy for them to opt-out by using the appropriate option for the communication channel e.g. STOP on a text message, unsubscribe link on an email etc.


  • ADMA – World of Privacy, 2017
  • B&T – Opt-out options mandatory on marketing communications
  • Communications Council Org Newsletters 2013 – New Privacy Laws, July 2013
  • OAIC – Privacy Media Releases