Overview of engaging in direct marketing

At the most basic level, direct marketing involves the use of personal information to promote goods and services.

Direct marketing can occur via many different channels and take on many different forms, from:

  • sophisticated targeted online campaigns;
  • promoting a new product range via electronic message; or
  • soliciting customer feedback (and gently spruiking a new service) via phone to good old-fashioned snail mail.

Whether you are advising a client on the launch of a new product range, or the organisation you work for is rolling out a global client feedback survey with an option to upgrade to the latest software service package, direct marketing is likely to be an issue you are going to have to tackle at some point.

The direct marketing landscape provided for under APP 7 - Direct marketing is very customer/consumer-focused. In fact, direct marketing is prohibited, unless an exception applies.

In addition, direct marketing has become more complex due to the engagement of third parties to execute direct marketing campaigns or facilitate back-end technical support (eg cloud-based solutions for an SMS marketing campaign).

In any case, engaging third party providers and entrusting them, in many cases, with your most valuable data (your customer or client lists) increases the cyber security risks. There is an increased risk of misuse, interference and loss, as well as unauthorised access, modification or disclosure of such personal information.

In addition, even if you do engage in direct marketing, the customer/consumer focus of APP 7 - Direct marketing has strict mandatory opt-out provisions.

If you breach APP 7 - Direct marketing because you have engaged in direct marketing when you did not have the right to, or you failed to include mandatory opt-outs or failed to implement an opt-out, not only could you be in breach of Australian privacy laws, but the risk of reputational damage and loss of customer base is significant.

In this subtopic you will learn:

  • when can an organisation engage in direct marketing (see Identifying sources of obligations for direct marketing and Engaging in direct marketing);
  • the application of the direct marketing regime and other related laws such as the Spam Act 2003 (Cth) and Do Not Call Register Act 2006 (Cth) (see Engaging in direct marketing);
  • issues to consider when engaging third party contractors and how to mitigate cyber security risks (see Engaging in direct marketing); and
  • how to construct mandatory opt-outs across various direct marketing channels (see Constructing direct marketing messages and mandatory unsubscribe facilities).