Data Breach
1. Permission (Consent)
The recipient must give permission for the message to be sent.
There are two types of permission. Express or inferred.
i Agreeing to directly receiving messages (e.g. subscribing to mailing list).
ii Inferred is when you deduce from an individual’s business (e.g. hold a bank card, bank may contact with related offers).
2. Identification
Sender’s details must be in the message. As a result they have to be clear, accurate and easy to access. Otherwise, you may be breaching the Australian Spam Act 2003. . In addition, the information must be accurate for at least 30 days.
- You need to include registered trading name and contact information (e.g. phone number, address or email address)
3. Unsubscribe
Opt out must be available to stop receiving messages.
Instructions on how to stop receiving messages must be clear, obvious and work for at least 30 days after it was sent.
In addition, those requests have to be actioned within 5 business days.
Also can’t use a premium number for unsubscribing.
Exemptions
There are some commercial messages that exempt from the Spam Act 2003
Thus can be sent without permission and do not require an unsubscribe option.
Still required to follow the identification requirements.
- Factual messages – don’t contain any commercial material. E.g. appointment reminder
- Exempt organisations – include registered charities, educational institutions, government bodies or registered political parties.
- Breaches of Control of Broadcasting and ownership. Failure to comply with a notice is an offence under the Broadcasting Services Act 1992.