Information about prospects, clients, donors and members can greatly help to improve product and service offerings and increase income. Databases with contact details – especially when segmented by factors such as age, gender, location and interests – assist in informing, selling and receiving feedback cost-effectively. However, when data is poorly managed, not held securely and/or used indiscriminately, organisations can suffer reputational damage and be penalised financially. Two pieces of legislation in particular govern the use of personal information:
The Privacy Act 1993, which controls the collection, use, storage and disclosure of personal information. The Act is based on 12 principles, under which organisations are expected to collect information fairly, to consider whether the information is necessary, to obtain it directly from the person (unless publicly available), and to tell people what the information will be used for and who will have access to it. The Act also specifies requirements regarding how long to keep the data, ensuring the data is accurate, secure storage, individuals’ access to and ability to correct the information, the use and disclosure of the information collected, as well as the assignment of unique identifiers.
The Unsolicited Electronic Messages Act 2007, which prohibits organisations from sending ‘commercial’ electronic messages unless recipient consent has been given. While consent can be inferred or deemed, it is best to have a record showing the recipient’s choice to opt in. The electronic messages must clearly state the name and contact details of the sender, and recipients must have the opportunity to unsubscribe.
If you are unsure, seek professional advice.
This article was first published in the Mercury Bay Informer of 24 July 2019. See www.theinformer.co.nz