Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

Using publically available personal information for marketing

Can a business take information from public sources and use it to approach potential customers?

Generally, yes. But if the business is covered by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Privacy Act), there are some things it will need to do. For more information about the coverage of the APPs, see Information sheet 12: Coverage of and exemptions from the private sector provisions.

Example:

A bridal boutique takes names from engagement notices, matches them with information from the phone book, and uses the combined information to approach potential customers.

The boutique can do this. However if the boutique is covered by the APPs, it will have some specific obligations.

  • Generally speaking, in order to use or disclosure of the information for the purpose of direct marketing communications, the boutique must have the individual’s consent (or it must be impracticable to obtain the individual’s consent — see the APP Guidelines APP 7 (direct marketing) — for information about when it may be impracticable to obtain consent), and the boutique must provide a simple means by which the individual may easily request not to receive further direct marketing communications (also note that if the boutique wishes to use ‘sensitive information’ (see APP Guidelines Chapter B: Key concepts) for the purpose of direct marketing, it must obtain the direct and express consent of the individual); and
  • in each direct marketing communication with the individual, the boutique must:
    • include a prominent statement that the individual may make such a request; or
    • otherwise draws the individual's attention to the fact that the individual may make such a request; and
  • the boutique may only continue with direct marketing communications if the individual has not requested to not receive further direct marketing communications. See APP 7.
  • The boutique must also tell the potential customers: its name and how to contact it, why it has collected the information, to whom (if anyone) it usually discloses the information, and how the customer can get access to the information. This could usually be done at the first approach to the potential customer. See APP 1.4, APP 5.2.
  • It must only use the information for the purpose of approaching the potential customer (the 'primary purpose of collection') or for a related purpose that the potential customer would expect (a 'secondary purpose'). For example, it should not give or sell the information to another business the potential customer has never heard of. See APP 6.1.
  • It must do what it reasonably can to make sure that the information is correct. So if it finds out that some of the information it collected from the engagement notices is wrong, it must delete or correct that information. See APP 10.
  • It must keep the information reasonably secure. See APP 11.
  • It must have a clearly expressed and up to date privacy policy about the management of personal information by the boutique. Assuming that the boutique is not doing anything unusual with the personal information it collects, this would only need to be a short statement about what personal information the boutique collects, where it gets it from and how it uses it. See APP 1.3.
  • It must give the potential customer access to the information on request and correct any errors the customer points out. See APP 12, APP 13.

Usually these will be the boutique's only obligations under the APPs.

However, the boutique also needs to consider any obligations it may have under the Do Not Call Register Act 2006 and Spam Act 2003.

For more information about all the APPs, see Privacy fact sheet 17: Australian Privacy Principles and the Guidelines to the Australian Privacy Principles. You may also wish to look through the Privacy fact sheets.

Back to Contents

Can a business use the electronic white pages; or the electoral roll; or land titles information; to get information to assist with cold calling?

Yes. These are publicly available sources of personal information and the APPs do not prevent the business from using the information in them for marketing purposes. The business will have the same obligations as the bridal boutique example above.

Depending on how an organisation wishes to use publicly available personal information, some more difficult questions can arise. For more information on publicly available personal information, please see Information sheet 17: Privacy and information that is publicly available. For more information about the coverage of the APPs, see Information sheet 12: Coverage of and exemptions from the private sector provisions.

Note that some public registers have specific laws that limit the use of the information on the register. The business should check any restrictions with the relevant body, for example, the Australian Electoral Commission or the state land title office.

Back to Contents

Can a business use random number dialling to market products?

Yes, even if the business is subject to the APPs. For more information about the coverage of the APPs, see Information sheet 12: Coverage of and exemptions from the private sector provisions.

The business will usually be collecting personal information in the course of a randomly dialled call. If so, the business could continue this practice but would need to comply with the APPs, and consider any obligations it may have under the Do Not Call Register Act 2006 and Spam Act 2003, as in the bridal boutique example.

For more information about all the APPs, see the Privacy fact sheet 17: Australian Privacy Principles and the Guidelines to the Australian Privacy Principles. You may also wish to look through the Privacy fact sheets.

Back to Contents