Published on Oct 31, 2017

New Australian pizza topping: Spam?

How would you like your pizza with a side of spam? Whilst everyone argues whether pineapple belongs on a pizza, we can all agree that spam emails and pizza are not a good match.

Domino’s Pizza have been left red-faced after their customers complained of unsolicited emails being sent to their personal inboxes.

Privacy concerns have emerged after the pizza chain admitted a former supplier may have had unauthorised access to customers’ names, emails and store suburbs related to previous pizza orders.

Domino’s have apologised to customers who may have received any unsolicited emails. Domino’s stated that it “acted quickly to contain the information” and that an investigation into the breach was under way.

Lessons learned for small business:

There are rules around collecting, storing and using your customers’ personal information.

Under the Privacy Act, a small business is one that does not have an annual turnover greater than $3 million. Whilst many small businesses do not need to comply with the Australian Privacy Principles, some small businesses that handle personal information do.

Agencies and organisations have obligations under the Privacy Act 1988 to put in place reasonable security safeguards and to take reasonable steps to protect the personal information that they hold. This means businesses must take steps to prevent customer information from being misused, interfered with or lost and from unauthorised access, modification or disclosure.

Businesses sending messages of a commercial nature by email, SMS, instant message, or MMS must also comply with the Spam Act 2003. This is the legislation which prohibits the sending of ‘unsolicited commercial electronic messages’ (known as spam) with an ‘Australian link’.

The Australian Government Office of the Australian Information Commissioner provides ten tips for protecting customers’ information:

  1. familiarise yourself with internal privacy policies, processes and procedures
  2. know who is responsible for privacy
  3. consider privacy during project planning
  4. only collect the personal information you need
  5. use and disclosure — think about it!
  6. overseas disclosure — prepare for it!
  7. take care when handling sensitive information
  8. access personal information on a need-to-know basis
  9. keep personal information secure
  10. familiarise yourself with your data breach response plan.

Read the Ten Tips to Customer Privacy in full. Find information on Privacy Laws in Australia. Read the Australian Privacy Principles guidelines (APP guidelines) and the Internet Industry Spam Code of Practice.