How to Comply with the New APP as an Online Marketer

Complying with the new privacy policy rules will be a tedious task for some businesses and just a review of procedures already in place for others. Wherever you stand on implementing the new law, here are some good practices to review and make sure you have implemented.

In this article, we explain practical ways you can comply with the new APP which also happen to follow best practices.

Update Your Privacy Policy

If you haven’t updated your privacy policy in a while and/or don’t display a privacy policy at the point of collection, now is the time to add one.

APP 5 states you must provide notification of your privacy policy at the time of the collection (either directly from the individual or from a third party) or as soon as reasonably practical after the collection.

Checklist Recommendations

  • Update your privacy policy: get legal to update your public-facing policy in regards to APP
  • Provide a link to your policy: on every landing page, contact-us form or other form that collects personal information
  • Provide your policy to employees: ensure employees at every single touchpoint collecting customer information (including anonymous data) are familiar with the policy

Clean Out Old Data

The new APP requires your privacy policy to have been displayed at the point of collection of personal information.

Most likely, your entire database was collected without an APP-compliant privacy policy (or any at all), and technically you should now make all your contacts aware you hold their data and that your privacy policy has been updated.

Checklist Recommendations

  • Remove records with invalid emails: clearly they are out of date
  • Remove/anonymize old data: anything more than one year old. If you wish to keep it for analytics, anonymize it by hashing (one-way encrypting) personal identifiers (e.g. last name or driver’s license number)
  • Notify email recipients: add a statement concerning your updated privacy policy in the footer of every email you send out

Email and Marketing-Automation Tools

Do you use an email or marketing-automation tool hosted offshore? Most are U.S. based and thus hold your customer data offshore. This now affects you as a marketer.

The APP states you must now ensure that your overseas provider does not breach the Australian Privacy Principles – somewhat difficult to enforce!

However, the exception to this is if you expressly inform the individual you will be disclosing their data overseas and give them the option to opt out.

Checklist Recommendations

  • Revise vendor contracts: have legal revise your contracts with your overseas provider, and/or
  • Add a hosting statement to your email footer: state that you host data overseas (specifying the countries included) in the footer of every email you send out, and include an opt-out from overseas hosting

Add Data Self-Management

Do you give your prospects and customers a way to self-manage their data?

Not only does the APP require you to “ensure that the personal information that the entity collects is accurate, up-to-date and complete,” you also need to “give the individual access to the information” and allow the individual to correct that information.

Checklist Recommendations

  • Add a facility for the individual to access their personal data in a subscription centre, and
  • Request or actually make changes to their own personal data

Revise Your Data-Handling Processes

While your IT is responsible for the security of your marketing systems, you are responsible for the way you and/or your staff handle this data. Often, data breaches occur through marketer error or ignorance, rather than through hacking breaches.

The APP states you must ensure you protect the information:

  • from misuse, interference and loss; and
  • from unauthorised access, modification or disclosure

You are also required to delete (or de-identify) out-of-date or unneeded personal information.

Checklist Recommendations

  • Train your marketing staff: in the new APP principles and have them read the principles found at OAIC
  • Create processes: ensure you have clearly stated secure processes for handling private information
  • Review and tighten the access: to personal data by your marketers, especially access rights in your email or marketing-automation platform
  • Regularly delete or de-identify old data in your database. De-identification (or anonymization) can be done by hashing (one-way encrypting) personal identifiers (e.g. last name or driver’s license number)
  • Brief your overseas providers in a countdown to the launch of the new laws on 12 March
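
The clean-out and de-identification steps from the two checklists above, sketched as an added example (not code from this article or any vendor). It uses a keyed hash (HMAC-SHA256) rather than a bare hash, because short identifiers such as licence numbers can be recovered from an unkeyed digest by enumerating candidates; the field names, key value and sample records are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
from datetime import date, timedelta

# Assumption: the key lives outside the marketing database (placeholder value).
PSEUDONYM_KEY = b"constructed-example-key-keep-in-a-secrets-store"
IDENTIFIER_FIELDS = ("email", "last_name", "licence_no")  # hypothetical columns
RETENTION = timedelta(days=365)  # "more than one year old", per the checklist
# Assumption: "invalid" is approximated here by a basic syntax check only.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def keyed_hash(value: str) -> str:
    """One-way keyed digest of a normalised identifier."""
    normalised = value.strip().lower().encode("utf-8")
    return hmac.new(PSEUDONYM_KEY, normalised, hashlib.sha256).hexdigest()


def clean_records(records, today):
    """Drop records with invalid emails; de-identify those past retention."""
    kept = []
    for rec in records:
        if not EMAIL_RE.match(rec.get("email", "")):
            continue  # invalid address: remove the record entirely
        if today - rec["collected"] > RETENTION:
            rec = dict(rec)  # copy, so the caller's data is not mutated
            for field in IDENTIFIER_FIELDS:
                if rec.get(field):
                    rec[field] = keyed_hash(rec[field])
            rec["deidentified"] = True
        kept.append(rec)
    return kept


# Constructed sample records (not real people).
SAMPLE = [
    {"email": "ana@example.com", "last_name": "Nguyen",
     "licence_no": "12345678", "collected": date(2012, 5, 1)},
    {"email": "bob@example.com", "last_name": "Smith",
     "licence_no": "87654321", "collected": date(2014, 1, 10)},
    {"email": "not-an-email", "last_name": "Jones",
     "licence_no": "11112222", "collected": date(2011, 3, 3)},
]

if __name__ == "__main__":
    for row in clean_records(SAMPLE, date(2014, 3, 12)):
        print(row)
```

Because the same identifier always maps to the same digest, de-identified rows can still be counted and joined for analytics; rotating or destroying the key breaks that link.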
