[LINK] Questions about SMS Spam

Greg Taylor gtaylor@efa.org.au
Mon, 22 Oct 2001 23:36:32 +1000


At 17:22 22/10/01 +1000, Adam Todd wrote:
>...
>But the solution to the "new" privacy legislation is simple.
>
>I set up a business and build a database. I tell the "consumer" they will 
>receive email, postal whatever from me from time to time.  I set up 
>DISTRIBUTION deals with companies that want to target my customers and the 
>companies PAY me to send the advertising to the consumer, because I hold 
>the key to the data.  I'm using the data legally because I told the 
>consumer they would receive details.

Sorry, the legislation has its flaws, but it isn't *that* stupid!

Check out the attached excerpt from the Privacy Commissioner's Guidelines.
The key message is:
"The point is to keep in mind the aim of the NPPs which is ensuring
organisations generally only use or disclose personal information in ways
that individuals would reasonably expect."

So if your "business" is one from which your customers only expect to
receive, say, hoax security alerts, your customers will not have a
reasonable expectation of receiving marketing information about the
products of an unrelated third party.

Greg

--------------------------------------------------------------
http://www.privacy.gov.au/publications/nppgl_01.html
Office of the Federal Privacy Commissioner
Guidelines to the National Privacy Principles
September 2001
.....
The point is to keep in mind the aim of the NPPs which is ensuring
organisations generally only use or disclose personal information in ways
that individuals would reasonably expect.

When thinking about whether a use or disclosure falls within the primary
purpose or a related or directly related purpose within the individual's
reasonable expectations, an organisation could, where relevant, consider:
- the context in which it is collecting the personal information;
- the reasonable expectations of the individual whose information it is;
- the form and content of information the organisation has given about why
it is collecting the individual's information (for example under NPP 1.3
and 1.5);
- how personal, confidential or sensitive the information is; and
- any duties of care or other professional obligations an organisation
might have (although care would be needed if these are not within the
person's reasonable expectations).
       
Where sensitive personal information is involved, the organisation would in
general need to take a more conservative approach to what the individual
would reasonably expect.

An organisation may run a greater risk of an individual making a complaint
where there is a difference between the individual's and the organisation's
understanding of the primary purpose or what might be reasonably expected
to be done with the personal information. Organisations will reduce this
risk by ensuring individuals are informed about the organisation's intended
primary purpose and of its proposed uses or disclosures. This is likely to
be particularly important where these uses or disclosures would not be
obvious to an individual with no special knowledge of the industry or
activity. The risks are greatest where an organisation collects personal
information indirectly.