It’s been 3 years since the amendments to Australia Data Privacy Law were put into action. As it’s been a while, and the dust has settled on some of the world’s largest data leaks, we thought it’s about time to remind you of some of the salient points – and how they pertain to event marketing and event planning.
What are Australian Privacy Principles?
The Australian Privacy Principles are principles-based law. These principles act as a clear guide for Aussie businesses to assure their personal information collection and handling practices don’t break Australia Data Privacy law 2018.
When any of the Australian Privacy Principles are breached, the company responsible is considered to have made an ‘interference with the privacy of an individual’, and they may be liable for regulatory action and penalties.
You can read more on the Australian Government website.
”There are 13 Australian Privacy Principles and they govern standards, rights and obligations around:
- the collection, use and disclosure of personal informationOffice of the Australian Information Commissioner
- an organisation or agency’s governance and accountability
- integrity and correction of personal information
- the rights of individuals to access their personal information
Sharing and storing event attendee data overseas?
Only with permission, and only if the host country has similar privacy laws to Australia Data Privacy Law 2018. If the local privacy laws don’t match up, you may devise a contract that fills in the gaps, provided it can be enforced locally. You are obliged to tell your event attendees when data crosses these jurisdictional borders, and where exactly it is going.
What's the difference between inferred and explicit consent?
Take note of this when you prepare to send marketing communications to your existing clients. In Privacy Laws Australia, there is inferred consent when someone is an existing client or subscriber, but be careful to consider whether or not those contacts have given consent to receive event marketing messages. For example, they may have managed their subscription to opt-out of event marketing kind of messages, and therefore they would not have reasonable expectation for your event content. For example, if I’ve purchased event tickets from you in the past, an early bird offer to attend a similar event would be totally reasonable. A catalogue of pet accessories would not.
Storing event attendee data on the cloud - is it compliant with Privacy Laws Australia?
Once again, storing personal data in the cloud is acceptable with permission, and within the guidelines of the Australian Privacy Principles. Depending on the circumstances, this act could be a ‘use’ or ‘disclosure’ of that data. Take a look at Chapter 6 of the APP for the definitions of these two terms, and some examples.
Sharing event attendee data outside of your business?
As long as you (you guessed it…) get permission, you can share any data that you collect. You must, must make this explicit in your privacy statement, which in turn must be easy and obvious to locate and available as you are collecting the data.