Small businesses using loyalty programs must not provide their customers’ data to third parties without consent or provide misleading details of an offer in advertising, or they will risk serious fines or even court action, a legal expert warns.
Businesses must also ensure they adhere to the Spam Act, which prohibits businesses from sending unsolicited messages without an unsubscribe feature, and under which the telecommunications regulator has handed out millions in fines over the past two years.
TressCox solicitor Anita Siassios says SMEs using loyalty programs must keep in mind three separate sets of laws – privacy, spam and trade practices regulations.
“For breaching the Trade Practices Act in particular, the fines are quite substantial. Often they could run into the hundreds of thousands, and people are getting caught regularly now.”
Siassios says there are many businesses that won’t have any trouble keeping in line, such as cafes offering free coffee with a 10th purchase. But for companies offering complex deals and different types of product offers, along with ongoing discount campaigns, there are important rules to keep in mind.
When a business signs up customers to a loyalty program, it often gathers information like a name, address, phone number and email. While having this data is perfectly fine if the customer consents, Siassios says distributing that information to a third party is a no-go.
“This even occurs when someone else buys your business, or someone else just wants to have access to it for whatever reason. If you don’t have the customer’s consent, then if you hand that data over you could be in breach of the Act.”
The only way businesses can hand over that information is if they ask the customer themselves. However, simply making customers tick a box at the bottom of a form isn’t good enough either.
“The more specific about what you’re doing with their data, the better. If you are a café, and you want to sell your data to a phone company database, or something unusual, then you will need to be very specific about that. But if it’s related, like a food supplier or something, then you don’t have to be as detailed.”
“But when in doubt, be specific. Get consent. You really have to put it out there that you’re going to send this third party data off to someone, or a company, and you must be completely upfront about it.”
The other issue is the customer’s right to access that data at any point. Siassios says the big mistake businesses make is they often don’t let people know they can change that data whenever they like.
“Customers have a right to access that personal information. At any point, a customer needs to be able to access that data and change it. And that needs to be stated in your privacy policy as well.”
The second issue is spam, and with many businesses operating loyalty programs online this is becoming more of a concern.
“Any messages offering a discount, offer or anything loyalty-based must be sent with the recipient’s consent, you can’t just send to random customers if they haven’t first given their permission for you to send them messages. This is something businesses can’t ignore.”
The other issue, Siassios says, is the growth of mobile marketing. As more SMEs use text messages and MMS to send information about loyalty programs and offers, many will need to adhere to spam regulations.
“The other important issue is that the message needs to contain clear and accurate information that authorised the sending, and it also must contain an unsubscribe facility.”
The Australian Communications and Media Authority isn’t shy about handing out penalties for breaching spam regulations. In October 2009 over $15 million in penalties were handed down to companies found to be in breach of national anti-spam laws.
“Ideally you want to have a clear unsubscribe facility if you’re sending out these types of messages. It’s so easy to report these things to authorities now, and you can find yourself in trouble really quickly if you aren’t operating this way.”
The third issue is adhering to the Trade Practices Act, specifically regarding the use of misleading and deceptive conduct.
“American Express had an issue a few years ago with their Platinum program. The deal was you could purchase a first-class ticket, then get a complimentary ticket. However, it turns out the ticket wasn’t exactly complimentary.”
“This is what you need to watch out for. You can’t advertise something and then put the details in the fine print.”
ACMA addressed this issue in the telecommunications sector with regard to internet speeds. ISPs would advertise speeds of “up to” a certain point, when in reality the average speeds were lower than the advertised amount.
While Siassios says the two issues are quite different, the same principle applies in loyalty programs – fine print is not an excuse.
“This isn’t really for low-end offers like a coffee offer or something like that, but the more high-end type of programs. The overall message for all three regulations is, don’t skirt around, be specific, direct and clear.”