Skip to main content
Skip to secondary navigation
Menu
Australian Government - Office of the Australian Information Commissioner - Home

Telecommunications (Do Not Call Register) (Telemarketing and Research Calls) Draft Industry Standard 2006; Submission to the Australian Communications and Media Authority (January 2007)

Draft Industry Standard 2006 Submission to the Australian Communications and Media Authority January 2007 Office of the Privacy Commissioner Background and draft Standard Privacy Act coverage Application of the Privacy Act to telemarketing The draft Standard Provision of information d...

pdfTelecommunications (Do Not Call Register) (Telemarketing and Research Calls) Draft Industry Standard 2006; Submission to the Australian Communications and Media Authority (January 2007)

Draft Industry Standard 2006

Submission to the Australian Communications and Media Authority

January 2007

Office of the Privacy Commissioner

The Office of the Privacy Commissioner (the Office) is an independent statutory body responsible for promoting an Australian culture that respects privacy. The Privacy Act 1988 (the Privacy Act) covers federal and ACT Government agencies, businesses with an annual turnover of more than $3 million, the private health sector, small businesses that trade in personal information, credit providers and credit reporting agencies. The Privacy Commissioner has responsibilities under the Privacy Act and other federal legislation to regulate the way agencies and organisations collect, use, store and disclose individuals' personal information.

Background and draft Standard

The Office welcomes the opportunity to make a submission on the draft Telecommunications (Do Not Call Register) (Telemarketing and Research Calls) Industry Standard 2006 (draft Standard). The Office understands that the draft Standard was prepared by the Australian Communications and Media Authority (ACMA) as required under section 125A of the Telecommunications Act 1997 (Telecommunications Act) before the commencement of Part 2 of the Do Not Call Register Act 2006 (DNCR Act). In this submission, the Office has considered the draft Standard presented by ACMA and has provided comments accordingly.

In this Office's report Getting in on the Act: The Review of the Private Sector Provisions of the Privacy Act 1988 (the OPC Review), which was released on 18 May 2005, the Privacy Commissioner recommended that the Australian Government consider exploring options for establishing a national ''Do Not Contact' register1. The Office subsequently made a submission to the Introduction of a Do Not Call Register: Possible Australian Model Discussion Paper2 (DNCR Discussion Paper) released by the Department of Communications, Information Technology and the Arts (DCITA) in December 2005 and to the inquiry into the provisions of the Do Not Call Register Bill 2006 and the Do Not Call Register (Consequential Amendments) Bill 20063 in June 2006.

The Office has maintained an interest in the development of the Do Not call Register, which includes the Deputy Commissioner's role as a member of the Do Not Call Register Scheme Steering Committee, which has been meeting regularly since June 2006. Also, in September 2006, the Office made a submission to the Industry Standard for the Making of Telemarketing Calls Discussion Paper (the Discussion Paper) published by ACMA.

The comments in this submission to ACMA regarding an Industry Standard for the making of telemarketing and research calls, as with other submissions in relation to the development of the Do Not call Register (DNCR), are provided with the intention of contributing to the long-term effectiveness of the DNCR established by the DNCR Act.

Privacy Act coverage

The private sector provisions of the Privacy Act apply to organisations (including not-for-profits) with an annual turnover of more than $3 million and, in particular circumstances, some small businesses with an annual turnover of $3 million or less.

The private sector provisions of the Privacy Act centre around 10 National Privacy Principles (the NPPs) that set out how private sector organisations should collect, use, keep secure and disclose personal information.

The Office notes that the private sector provisions of the Privacy Act will continue to operate alongside the provisions of the DNCR Act and the ACMA Industry Standard for the making of telemarketing and research calls, once it is established. This means that organisations bound by the Privacy Act must continue to comply with that Act, as well as the ACMA Industry Standard when making, or causing telemarketing calls to be made. The application of the Privacy Act to telemarketing is summarised below.

Application of the Privacy Act to telemarketing

The NPPs apply to direct marketing and include specific direct marketing provisions. However, the application of the specific direct marketing provisions is limited. The use or disclosure of personal information for direct marketing is covered by NPP 2.1. This principle distinguishes between the primary purposes of collecting personal information and any secondary purposes, and limits the use and disclosure of information for a purpose other than the primary purpose of collection.

Under the NPPs, an organisation that collects information for the primary purpose of direct marketing can generally use and disclose it for that purpose. Similarly, NPP 2.1(a) could permit personal information to be used or disclosed for direct marketing if such an activity is related to the purpose for which the information was collected (directly related in the case of sensitive information) and the person from whom it was collected would reasonably expect the organisation that collected the personal information to use or disclose it for direct marketing.

In some circumstances an organisation can use an individual's personal information for direct marketing even if direct marketing was not the primary purpose of collection and direct marketing is unrelated to the purpose of collection and not within the reasonable expectations of the individual. The organisation may use the information if:

  • the person from whom the information was collected has consented to the use or disclosure of the information for direct marketing (NPP 2.1(b) or
  • if the information is not sensitive information and the use of the information is for the secondary purpose of direct marketing, and
    • it is impracticable to get consent before using the information
    • the direct marketing organisation gives the individual the opportunity to opt-out of receiving material at no cost
    • the individual has not already asked the organisation not to send material
    • in every communication the organisation draws the individual's attention to the fact, or prominently display a notice, that he or she may opt-out of receiving further material and
    • each communication includes the relevant contact details of the organisation, including electronic contact details if the material was sent by electronic means.

NPP2.1(c)(i)-(v).

The draft Standard

The draft Standard is intended to prescribe the minimum obligations that telemarketers and researchers, and bodies and organisations that are otherwise exempt from the DNCR Act4, need to comply with when they make or cause a call to be made to an individual.

In general the Office considers that the draft Standard adequately deals with the matters prescribed under s36 in the Do Not Call Register (Consequential Amendments) Act 2006 in relation to s125A(1)(b)(i)-(v) of the Telecommunications Act. However the Office submits the following comments in relation to Section 6, concerning the provision of information during a call and Section 8, concerning calling line identification for a call.

Provision of information during a call

Section 6 of the draft Standard deals with the information that a caller must provide to a call recipient during a telemarketing call. In particular the Office supports the inclusion of the note at the end of s6(1), which refers to other requirements in the Privacy Act, as it provides an important reminder to telemarketers that the general provisions of the Privacy Act still apply to them when they collect personal information during a telemarketing call.

Section 6 also requires that, if requested by the call recipient, a caller must provide the name and contact details of their employer and the person responsible for dealing with consumer inquires or complaints relating to the call or the person who has caused the call to be made. The Office also supports this approach as it appears to provide individuals with the information necessary to make informed choices about disclosing their personal information during a telemarketing call. It also provides them with the information they require to exercise certain rights under the Privacy Act. For example, having the contact details would allow a call recipient to contact the organisation to request access to the information the organisation holds about them under NPP 6.

Notwithstanding these positive aspects, the Office has some concerns in relation to the specific requirements of sections 6(1)(f) and 6(2). Under section 6(1)(f) a caller must provide, if requested by the recipient, their full name and contact details. The contact details definition in section 6(2) includes a street address and telephone number.

The Interpretation section of the Bill prescribes, at s3(2)(a), that the Standard applies to a person who has entered into a contract or arrangement with another person. The Office is concerned that a literal reading of s(3)(2)(a) could suggest that individuals who are contracted to work from home as telemarketers, may have to disclose their own personal information to call recipients in order to comply with the Standard. This appears to be inconsistent with the intent expressed in the explanatory memorandum for the DNCR Bill,5 which is to make organisations responsible for complying with the DNCR Act, rather than individuals working for them.

To resolve this issue, the Office recommends that s6(1)(f) could be amended to make it clear that individuals who are working from home as telemarketers could provide their employer's (the organisation's) contact details rather than their own. This could be achieved by altering the definition requirements so that a contracted telemarketer does not have to provide their personal home address.

The provisions at 6(1)(i)-(j) require that the caller inform the call recipient of the "source" from which their telephone number or other personal information was obtained. These provisions also require that "if applicable" the name and contact details of any person who disclosed the call recipient's personal information are provided to the call recipient. The Office is concerned that there could be situations whereby a narrow interpretation of these provisions may cause the personal details of another individual rather than an organisation to be disclosed, thereby compromising their privacy.

While the Office believes that an organisation should be required to tell individuals, on request, where it obtained their personal information, this information should be limited to the details of the organisation who made the disclosure6. The Office recommends that the requirements at s6(1)(i)-(j) could be amended to ensure that the privacy of individuals is protected.

Enabling calling line identification for a call

The Office believes that there may be a further issue for telemarketers who work from home in relation to section 8 of the Standard.

Under this section, calling line identification (CLI) must be enabled when a call is made unless a more suitable alternate number exists to be provided. The Office believes that telemarketers working from home should be provided with the option not to have to display their home phone number when enabling calling line identification. To resolve this issue, organisations could provide a separate phone line, either as a landline or mobile line, for the contracted telemarketer to use, to allow them the option of maintaining their privacy.

Summary of key recommendations

The Office would like to recommend that ACMA review the Standard to ensure that:

  1. The requirement for telemarketers to provide contact details does not disadvantage individuals working from home and making telemarketing calls.
  2. Requirements for callers to provide details of the "source" from which they gained the telephone number or personal information of a call recipient does not cause an intrusion on the privacy of a third-party individual.
  3. The requirement to enable CLI does not disadvantage telemarketers working from their own home and using their own personal telephone to make calls.

Endnotes

1 Office of the Privacy Commissioner: Getting in on the Act: Review of the Private Sector Provisions of the Privacy Act 1988. Available at http://www.privacy.gov.au/law/reform/review/. See Recommendation 25

2 Available from www.privacy.gov.au/materials/types/download/8656/6501.

3Available from http://www.privacy.gov.au/materials/types/submissions/view/6667

4 Those bodies or organisations who make "designated telemarketing calls" as defined in Schedule 1 of the DNCR Act

5 The Parliament of the Commonwealth of Australia, House of Representatives: Do Not Call Register Bill 2006, Explanatory Memorandum

6 Office of the Privacy Commissioner: Getting in on the Act:The Review of the Private Sector Provisions of the Privacy Act 1988, pg 103