Dear Eliot,

There are many issues that are, or should be, keeping direct marketers awake at night and this update will focus on four – many others are being addressed in depth by ADMA’s Councils.

The Australian Law Reform Commission (ALRC) has indicated that the changes to the Privacy Act 1988 that it is likely to recommend to the Federal Government will include:

• abandoning National Privacy Principle (NPP 2) and replacing it with a specific Direct Marketing Unified Privacy Principle (UPP 6) that fails to recognise the difference in relationships between organisations and their current customers versus prospects;
  
• broadening the working definition of direct marketing to include virtually all direct communication;
  
• broadening the definition of ‘personal information’ to include information that might ‘reasonably identify’ an individual from information that an organisation ‘has the capacity to access or is likely to access’;
  
• making it mandatory for companies to tell current and prospective customers that they can provide fictitious names and details when dealing with them;
  
• making it mandatory for organisations and companies to offer an opt-out from further marketing communications with every contact and through every channel;
  
• making it mandatory for organisations to notify individual consumers, whether they have been contacted by the organisation or not, about all the information that the company has acquired about them, as soon as it has acquired it;  
  
• introducing sweeping new data breach notification provisions requiring organisations to notify the Privacy Commissioner and affected individuals when personal information is ‘believed to have been’ acquired by an unauthorised person;
  
• granting wide ranging new powers to the Privacy Commissioner including the ability to conduct privacy audits of companies, the power to demand ‘privacy impact statements’ from companies before any significant changes to their business, the ability to impose far greater fines, and the ability to create and impose ‘privacy codes’ on individual organisations;
  
• making it mandatory for direct marketers to assess the age and intellectual capacity of consumers to give consent to receive direct marketing taking into account a consumer’s ‘maturity, injury, disease, illness, cognitive impairment, physical impairment, mental disorder’ or ‘any disability or other circumstance’;
  
• making it mandatory for ‘authorised’ third parties to give or revoke consent on behalf of a consumer and for direct marketers to be responsible for validating that authority; and
  
• introducing a ‘statutory cause of action for an invasion of privacy’, which would allow consumers to take any organisation to court for any perceived intrusive behaviour with no definition of privacy at all.

ADMA has had a number of very constructive meetings with the ALRC to oppose these recommendations and the Commission has agreed to reconsider a number of them, however, privacy advocates have also been extremely vocal in lobbying the ALRC for much tougher laws and the outcome of these opposing points of view will only be revealed when the final report is made public by the Federal Government and at the moment, the Government is giving no indication of its views. 

Even at a recent industry breakfast hosted by the Privacy Commissioner, Karen Curtis, the new Special Minister for State, Senator John Faulkner, would not be drawn on what the Government’s response to the report might be.

However, Karen Curtis herself preempted the recommendation for mandatory data breach notifications by releasing draft guidelines for the rapid introduction of a voluntary notification scheme.

The Commissioner says: “Over the past few years, incidents in Australia and overseas have illustrated the importance of adequate information security and the consequences that breaches can have. These consequences can include both adverse outcomes for individual privacy, and for the reputation and activities of agencies and organisations that were responsible for the information.

The serious nature of information security and the issue of what is the appropriate response to an information security breach have been highlighted by several major high-profile data breaches occurring in the United Kingdom and the United States which have collectively resulted in the loss of millions of people’s personal information.

Such events are of particular concern with an increasing incidence of identity theft and identity fraud around the world, a concern reflected in the Australian community.  For example, the Office’s Community Attitudes to Privacy 2007 research found that 60% of individuals are concerned about becoming a victim of identity fraud or theft, with 9% indicating they had been a victim themselves and 17% personally knowing someone who has been a victim.

Countries have introduced a range of measures in an attempt to address these issues.  Following the introduction of breach notification laws in California in 2002, a further 40 states in the United States have introduced such laws.  The Commission of the European Communities also proposed the introduction of security breach notification provisions for network operators and internet service providers in its 2006 Review of the EU Regulatory Framework for electronic communications networks and services.

In Canada, privacy regulators at both the federal and provincial level have developed voluntary guidelines for responding to data breaches. New Zealand has also adopted guidelines developed along similar lines.

In Australia, the Privacy Act 1988 (Cth) (Privacy Act) does not specifically require an agency or organisation to notify individuals or the Privacy Commissioner of a breach of information security.  However, the issue of an amendment to the Privacy Act to require mandatory data breach notification is under consideration as part of the Australian Law Reform Commission’s (ALRC) review of privacy. 

In recognition of the global trends in this area and to respond to requests from agencies and organisations, the Office has developed a voluntary guide to assist agencies and organisations to respond to information security breaches and take steps to prevent such incidents from occurring.  The draft guide has been informed by voluntary guidelines adopted by the Privacy Commissioner of Canada and the New Zealand Privacy Commissioner".

The Draft Voluntary Information Security Breach Notification Guide can be found at: http://www.privacy.gov.au/publications/breach_0408.html and the media release can be found at: http://www.privacy.gov.au/news/media/2008_05.html.  The Commissioner is seeking feedback by the 16th of June 2008 and ADMA will certainly be making a formal submission.

ADMA’s membership includes organisations that represent the entire mail marketing supply chain from paper manufacturers and suppliers to creative agencies, printers, mail houses, fulfillment companies, major users of mail marketing and postal service providers including Australia Post itself.

Given ADMA’s unique position, it recently made a submission to the Australian Competition and Consumer Commission (ACCC) in response to Australia Post’s Draft Notification of Change in Domestic Letter Pricing and Introduction of New Letter Categories.

Post’s notification stated the following:

“The proposed increases are the first for the BPR and other Ordinary Letters since January 2003 and the first general increase to PreSort Letters since January 1992: overall they represent an average increase of 8.1%.

Considering the Consumer Price Index (CPI) is estimated to have increased by over 15% (over the period January 2003 to June 2008), the proposed prices represent a real reduction of around 6%.”

While this is the case, ADMA made it clear to the ACCC that Post’s statement should be read in context with the importance of price increases that specifically affected mail marketing between 1999 and 2003, specifically in regard to the Australia Post product called Ad Post.

Ad Post commenced in 1976 as a discounted price incentive for advertising mail and its original purpose was to foster the use of direct mail advertising.

In March 1999, Australia Post lodged a notification to reduce the Ad Post discount from 26.5% to 21%.  This change came into effect in April 2000.

In December 2001, Australia Post lodged a notification of its intent to eliminate the Ad Post discount for all customers except charities, the effect of which was to increase the cost to direct marketers by 19%.  This significant increase was phased in over two tranches six months apart, with a 10% increase in the price of Ad Post from 1 July 2002 and a further 9% increase from 1 January 2003.

Those price rises did have a significant impact upon the cost base of organisations using mail marketing and the direct marketing industry in general.

ADMA’s submission also raised a series of other concerns including the facts that:

• technologies like email, instant messaging and web based applications are already providing competition to letters and a price rise may trigger a reduction in mail volumes, which could ultimately lead to the need for further price increases;
  
• the proposed increases will impact significantly on ADMA member companies, particularly large mail users and will increase their cost bases by many thousands and, in some cases, many hundreds of thousands of dollars; and
  
• the proposed increases for promotional letters may impact on Australia Post itself and the downstream demand for parcel post and transactional letters.

However, ADMA’s greatest concern is the timing of the proposed increases.

The notification states that the price changes are to be effective “no later than” the 1^st of July 2008 and that 2008/09 is “the first full financial year that the proposed prices would apply”.

ADMA believes that this timeframe is simply unacceptable.

Given that the notification was only provided to the ACCC on the 5^th of February 2008 and that many ADMA members have already established their marketing and other budgets for the 2008/09 financial year, ADMA has urged the ACCC to postpone any price rises until the 1^st of July 2009.

ADMA’s submission to the Federal Productivity Commission’s Review of Australia’s Consumer Policy Framework has focused on inconsistencies between State, Territory and Federal laws, leading to a patchwork of different rules for direct marketers depending on where their customers are and what channels they are using to engage them.

The Productivity Commission has realised that the greatest difficulties are created for telephone marketers, door-to-door sales, companies holding competitions and face-to-face promotions.

The Commission’s suggestion is that these laws should be harmonised across the nation through the referral of State responsibility for Fair Trading and Consumer Affairs laws to the Federal Government and by making the ACCC the Consumer Affairs watchdog at both the Federal and State levels.

ADMA’s submission spells out that it is not convinced that the States will happily give up those powers but there is no doubt that the harmonisation of Fair Trading laws is essential and it can be achieved through other ways. There is also no doubt that it needs to occur as a matter of urgency.

Recent changes to South Australia’s Fair Trading Act 1987, the Northern Territory’s Consumer Affairs and Fair Trading Act 1990, and promised changes to the ACT’s Door-to-Door Trading Act 1991, despite ADMA’s opposition are cause for concern.

ADMA has carried out a great deal of work over many years to fix these legal inconsistencies through the national Ministerial Council of Consumer Affairs, with mixed success.  However, the strength of the Productivity Commission’s arguments, the focus of the new Federal Government on better State and Federal relations and the appointment of Chris Bowen as the new Federal Minister for Competition Policy and Consumer Affairs, may well give new momentum to nationally consistent consumer laws.

Finally, it would be remiss of me to conclude this update without mentioning a significant ADMA win.

At the end of 2007, the then Department of Communications, IT and the Arts (DCITA) asked ADMA for its views about fax marketing and flagged the prospect that the Government would create an opt-in regime under the Spam Act that would basically kill the channel for all direct marketing.

ADMA convened a working group of fax marketing members and companies that utilise this small but important channel and the end result was a submission to Government suggesting that ADMA could establish and operate a suppression file on behalf of the industry and consumers.

In response, the new Minister for Broadband, Communications and the Digital Economy (BCaDE), Senator Stephen Conroy, has given his in principle support for ADMA’s proposal and the establishment of a Do Not Fax or Fax Preference Service by the end of 2008.

This is an important endorsement of ADMA’s rational approach and engagement with the new Government, yet more work needs to be done with the BCaDE Department and members to ensure the service is a workable reality.

Kind regards

Nicholas Campbell

Director Corporate and Regulatory Affairs
E: nicholas.campbell@adma.com.au