Privacy compliance is one of those areas that seems to confound and confuse. So today we're taking a look, in simple terms, at what’s involved.
Do I need to comply with privacy and spam laws?
If your annual turnover is $3 million or more then you must comply with privacy laws. You have to comply with spam laws regardless of your turnover.
Remember that privacy and spam laws are not the same thing. There is some overlap between the two; however, they are separate laws.
What do I have to do to comply?
For privacy laws, you must at a minimum have a privacy policy, and you must also use an information collection statement.
The purpose of a privacy policy is to give people key information about what you collect, how and why you collect it, the purpose(s) for which it will be used, how it will be stored and how you can be contacted.
The privacy policy usually sits in the background on a company’s website.
An information collection statement is separate and much more specific.
You use it at the point and time of actual collection of personal information to give people basic information about what you are doing with their personal information. You often see these statements on forms.
For spam laws, you must have recipients’ consent before sending commercial electronic messages. Each message must clearly identify the sender and include an unsubscribe facility.
When can I use and disclose the information I collect?
You can only use and disclose personal information for the purposes for which it was collected.
The rule of thumb is that you can’t use or disclose an individual’s personal information for other purposes without consent.
But what about marketing?
You can use personal information for marketing if you have collected it for this purpose and have said in an information collection statement at the time of collection that it will be used for this purpose (and people can opt not to).
Generally speaking, you can also use it for marketing if consumers have a reasonable expectation that you will do so and you provide an unsubscribe option. Best to get advice on this before proceeding.
You must have consent to send commercial electronic messages.
I turn over less than $3 million, should I bother?
If you want to market your business electronically, or if you think you may one day want to sell your customer database, it makes sense to comply from the outset.
A privacy and spam law compliant customer database is worth a lot more to a prospective purchaser of your business.
ABOUT THE AUTHOR
David Kelly is the founder of KHQ Approved, a fixed fee commercial contract review service. Peace of mind from an experienced team for a reasonable price.