Don’t Fear the New Privacy Changes

Written By Dana Teahan

A Guide for Marketing Teams.

The changes in privacy laws in Australia are not as disruptive as they seem. For marketing teams already following best practices, these updates represent an opportunity to refine data collection, enhance transparency, and strengthen customer trust.  

Rather than panic, marketers should focus on compliance and view these changes as a chance to modernise their approach as Privacy is only going to continue to tighten.  

Four Key Areas for Marketing Teams to Address.  

To stay compliant and capitalise on the new privacy regulations, marketing teams should focus on three critical areas: 

  1. Broader Application of the Privacy Act 

  2. Stricter Data Handling and Collection Requirements 

  3. Impact on PII, advanced analytics and targeting 

  4. New Obligations for De-Identified Data and Vendor Management

By addressing these areas, teams can stay ahead of regulatory changes while maintaining customer trust. 

 

Broader Application of the Privacy Act: Who Must Comply 

The most notable change is the expansion of the Privacy Act’s scope. It now applies to a wider range of businesses, including small businesses that may have been exempt under the old laws (though there is still a threshold). This broader application impact businesses that may not have had to comply in the past. 

Marketing teams, especially those in small businesses, must ensure that their data collection processes are fully compliant with the updated laws. This may involve revising data collection practices and communicating these changes to stakeholders. 

 

Stricter Data Handling and Collection Requirements: Smarter Data Use 

The new regulations require marketers to be more intentional about the data they collect and how they use it. The focus is on transparency and collecting only the data necessary for specific business purposes. Marketers must be able to justify why each piece of information is collected. 

For example, if a restaurant collects birthdates for birthday promotions, it might now need to collect only an age verification (confirming if a customer is over 18), unless the specific birthdate is essential to the promotion. Marketing teams need to rethink their approach to data collection—focusing on necessity, transparency, and reducing liability. 

Customers also need a straightforward way of withdrawing consent – meaning Marketing and Digital teams need to consider how consent management is provided to customers. 

 

Impact on PII, advanced analytics and targeting 

Under the new laws, Personally Identifiable Information (PII) is more explicit in its definition. This new explicit definition includes scope on technical information about a customer (so collecting IP Addresses, Device ID’s etc), de-identified information that could be re-identified and importantly "inferred” information - such as analytical segments or calculated information about a customer. 

The implication on Marketing teams, especially ones that are advanced in activating data must address impacts in advertising, targeting or personalisation – again tied back to clear data collection transparency and consent. 

 

De-Identified Data: Enhanced Protections and Third-Party Responsibilities 

The new privacy rules introduce stricter protections for de-identified data, ensuring it cannot be easily re-identified and used improperly. This has implications for marketers who rely on such data for analytics, advertising, or customer tracking. 

For example, if your business uses de-identified data for targeted ads or performance measurement, you must ensure that the data cannot be linked back to individuals. This may involve working closely with data partners and implementing strict protocols to separate identifiable from de-identified datasets. 

Additionally, marketing teams must understand their role as “controllers” under the new laws. If you use third-party vendors to process data, you are responsible for ensuring their compliance with privacy regulations. This means assessing your data flows and partnerships and ensuring third parties follow the same stringent guidelines as your own team. 

 The call out here is for marketing teams that may rely on agencies to support execution in external platforms. 

 

Practical Steps for Preparing Your Marketing Team 

To comply with these changes and minimise risks, marketing teams should take the following steps: 

  • Conduct a Privacy Audit: Evaluate your current data collection, storage, and usage practices to ensure they meet the new standards. 

  • Understand your data: The new rules expand definitions which has flow on impacts to privacy policies and how marketing may need to treat data collection and usage. 

  • Simplify Data Collection: Only gather the data you truly need and clearly communicate why it is necessary. 

  • Monitor Data Transfers: Review your third-party vendors and ensure they comply with new privacy laws, especially in handling de-identified data. 

  • Communicate with Customers: Update your privacy policies and customer communications to reflect these changes, building trust through transparency. 

 

Embrace the Opportunity for Improvement 

Rather than fearing these new privacy changes, marketing teams should see them as an opportunity to strengthen their practices. The new regulations are a logical extension of existing protections, and by focusing on compliance, data security, and transparency, marketers can build stronger relationships with their customers. 

The future of marketing lies in smarter data use, more personalised customer experiences, and maintaining trust. By preparing now, marketing teams can ensure they are aligned with both regulatory requirements and consumer expectations in 2024 and beyond. 

Dana Teahan https://www.dividebyzero.com.au
Previous

Martech Secret Sauce
Next

AI — The story is about us