Codes of Practice Draft Privacy code Variation to law
| How will the IIA Code differ from the minimum legal requirements that firms will face anyway? |
 |
 |
| Monday, 30 November 1998 10:00 |
|
In a few areas, we consider the new law falls short of explicitly addressing concerns that will become barriers to people going, or transacting online. These concerns if not addressed will limit industry growth. Fortunately, the co-regulatory framework permits the industry to fill in the gaps via industry codes.
The IIA draft Code has targetted three particular areas that require special treatment above and beyond what the law requires. It is really only in these areas that the Code will raise the bar. We are doing this because we think the cost/benefit analysis favours members and will benefit users. The three areas are:
This requirement recognises that children under a certain age in the real world cannot legally give their consent, because the law presumes that they are either open to manipulation or cannot otherwise act in their own best interests. We see no reason why the same approach should not also apply online. The IIA intends to assist members to meet this obligation by way of guidelines suggesting practical options to achieve compliance. The second area, online direct marketing, is important to address because we are concerned that non-permission based methods of information collection may - in aggregate and over time - result in a negative reaction from the market. There is considerable anecdotal evidence suggesting that spam is viewed by many as a negative aspect of the online experience. The main reason would seem to be a combination of the cost shifting nature of the practice (which distinguishes it from offline direct marketing where the recipient does not bear the cost of receival), the inconvenience, and the implications for network performance. Presently, in the case of 'secondary purpose direct marketing', the law requires users to opt-out unless it is not practicable to do so. In contrast, the Code will be requiring Code Subscribers to seek the prior consent of users for the collection of personal information where it is intended for secondary purpose direct marketing. (Primary-purpose direct marketing will require informed consent under the law, in any case). We believe that gaining a consent in an online environment is not particularly hard, and therefore not "impracticable", and that permission based marketing will foster better customers relations in any event. While some argue that opting out is not difficult either, we are concerned that a logical progression might see consumers facing a barrage of individual online direct marketing approaches, each of which they would have to opt out of separately. We can't see how this approach can subsist in a best practice model. The third area we are addressing is compliance with the EU Data Protection Directive. Already some US companies have entered into safe harbour arrangements with the EU. The IIA is attempting to create a similar concession, but on an industry wide basis - or at least as far as subscription to our EU Extended Code version will permit. Finally, we are encouraging all SME members to subscribe to our Code scheme. This is not technically an extension of the obligations under the law as much as a broadening of its scope - SMEs are exempt from the Privacy Act if their annual turnover is under A$3million per annum. Unfortunately, they collectively make up over 97% of Australian businesses and 30% of business volumes. In the Internet industry, trust is even more important when you are not a brand name. For this reason we see SMEs as one of the biggest beneficiaries of our Code program. Our internal surveys show that SME members are already overwhelmingly compliant with what we would consider best practice standards. The IIA Code, and particularly the seal program, will now allow them to reap the marketing advantages of their ethical practices. |
| Last Updated on Tuesday, 06 December 2005 07:15 |
Global Developments
