Digital Privacy Legislation Update

23 June 2023

The Commonwealth Bank of Australia (CBA) has been hit with a record fine after being caught contravening laws governing marketing spam. The nation’s largest bank must pay $3.55 million to atone for the misuse of its marketing list as the federal government signals a stricter line on the digital actions of Australian corporations.   

The CBA sent almost 65 million marketing emails that breached the Spam Act (2003). This legislation was amended in 2021 to limit the actions of email marketing campaigns. Under the current law, users must be able to unsubscribe from marketing lists without the annoyance of logging into an account. This type of addition to existing legislation covering the digital world is vital, given how quickly the domain has changed in recent times.

The penalty will serve as a warning to other marketers who bombard subscribers with electronic promotional material and make it unnecessarily difficult to opt out. The fine continues the federal government’s closer scrutiny of the actions of Australian companies and efforts to hold them to account for digital infractions.

This agenda has been hastened by the series of high-profile data breaches affecting leading Australian companies including Optus, Medibank, and Latitude. While class actions are currently in motion on behalf of citizens who have had their sensitive data compromised, high-level discussion is underway to add greater legislative weight to the civil punishment of settling such claims. Many leading organisations are currently scrambling to put their digital house in order and remain up-to-date and compliant with the changing legislative landscape.

The CBA fine will be welcomed by everyone who has struggled to stem the flow of unwanted marketing emails. The option to unsubscribe from marketing lists needs to be simple, quick, and part of a transparent process. Digital marketing was once seen as the Wild West with unscrupulous operators abusing contact lists without legal repercussion. This and other similar fines hopefully signal a seriousness among legislators to tackle pressing consumer concerns such as unwanted spam.

Governments of all political persuasion have been forced to tackle complex matters pertaining to the protection of personal data in recent months, including how private details are stored, protected, and used for marketing purposes.

Many organisations struggle to comprehend the scope and nature of their digital assets. They are unsure of where personal customer details are located and which staff members enjoy access. These questions can be answered by engaged a Managed Security Services Prover (MSSP) that can help manage and protect even the most complex data.

For more information about the security and application of your organisational data, contact Intalock today.  

back to blog