Prove your best intentions
There are better reasons for complying with the new laws, however. Most importantly, being seen to be addressing customers' privacy will go a long way towards building a trusting relationship with them. In turn, they may be more willing to share details of themselves with you. And if you violate that trust? These days, a negative comment can circle the world in a heartbeat.
The challenge is to convey to customers that their information is safe to you. One way to reinforce this point is to make sure every page on your site includes a link to a clearly stated privacy policy. And that doesn't mean some wishy-washy blanket statement like the ones on many sites; in this case, honesty is best. Specifically outline what information you collect about your customers, why you're collecting it, where and how it will be stored, and what customers should do if they have any more questions or want to opt out of marketing.
-If you imagine yourself as a responsible player in the community at large, you're going to want to make sure you do what the act requires, which reflects what the community requires and what it should be," advises David Jones, partner in charge of business strategy for KPMG's financial service consulting business. -If you're going to spend money on improving and dealing with data, you're better off getting data right and putting processes around it, and making sure it's used appropriately."
Making customers feel comfortable about your data protection processes is essential to building long-term, profitable online relationships. As a sign of your good faith, you may do well to contact the Australian Privacy Compliance Centre (www.privacycompliance.org), which offers privacy consulting services and works closely with eTick, administrator of the Australian Privacy Seal Audit and Certification (APSAC) program.
To get APSAC certification, your privacy policies and data handling procedures need to be audited by JAS-ANZ certified organisations (searchable list) or law firms. Once you've been certified, you'll be allowed to tag your Web site with the Australian Privacy Seal, a small logo that tells potential customers that your policies are up to scratch. APSAC participation also gives you access to a centralised dispute resolution scheme that will help deal with any sticky issues down the road.
Whose privacy is best?
While APSAC certification should be your goal, there are many ways to reach it. To this end, you'll have to decide whether you want to simply comply with the terms of the Act, or whether it's worth it to hold yourself to a stricter standard. This is particularly the case if you want to do business with Europeans, since the law on its own doesn't meet European Union requirements.
Aiming to add their own spin to Australia's legislation, at least two industry organisations have built new binding codes of practice based on the National Principles for the Fair Handling of Personal Information that preceded the current Act. The Australian Direct Marketing Association (ADMA), for one, wrote a Code of Practice adding specific provisions such as telemarketing and e-commerce standards, a seven-day cooling off period for customers, and the ability for customers to put themselves on a specific list to which ADMA members must not advertise.
-Marketers walk the line every day between having enough information to make their offers relevant and not having so much that they're perceived to be prying into peoples' lives," says Scott McClellan, regulatory affairs director with ADMA.
-The dilemma they face is that in order to be effective as marketersâ€"and for their offers not to be perceived as unwanted or irrelevantâ€"they need a certain amount of information. We advise them to focus on good customer relationship techniques, and customer acquisition strategies that use techniques to bring customers to you. It's considered more customer-friendly to post a really interesting Web site and have people coming into the site make a decision to offer themselves up as prospects."
ADMA has made adherence to the Code of Practice a condition of membership, and it's been cleared by the Australian Competition and Consumer Commission under the Trade Practices Act s88(1) despite initial concerns that it was an anti-competitive moveâ€"in that blacklisting under a mandatory scheme could indelibly taint a company's reputation. Given its clear acceptance, you may do well to follow the ADMA Code of Practice as well as the specific letter of the law.
If you're specifically concerned about being able to sell to European customers, you'll want to look at the Internet Industry Association's (IIA) evolving Code of Practice. In August, that organisation's Privacy Virtual Taskforce debuted privacy provisions for public comment; the final text will be firmed up in the leadup to the Act's December 21 deadline.
The IIA's privacy policies generally deal with ensuring that Australian companies can import information from Europe, include direct marketing restrictions, and require companies to obtain parents' consent before collecting information about children.
