ACMA gets its Woolies worth with record $1 million spam fine

As readers may be aware, Woolworths Group Limited (Woolworths) was recently found to have breached the Spam Act 2003 (Cth) (the Act) more than five million times between October 2018 and July 2019.

The nature of the breaches

The breaches related to marketing emails that had been sent to customers after they had unsubscribed from previous messages.
 
In a statement, Woolworths explained that while they acted on individual Rewards members unsubscribe requests, they did not assume that other members who shared that email address needed to be opted out as well.

Technically, as the Australian Communications and Media Authority (ACMA) alleged in its Infringement Notice - this was a breach of subsection 16(1) of the Act by sending, or causing to be sent, 798 commercial messages to electronic addresses that had an Australian link, which were not designated commercial electronic messages, without the consent of the relevant electronic account-holders. To read the publicly available Infringement Notice, click here.

After the ACMA’s investigation, Woolworths later acknowledged the breaches, and the ACMA’s findings that its systems, processes and practices were not adequate in some instances to ensure customers could unsubscribe.

Consequences

The ACMA issued Woolworths with an infringement notice for $1,003,800 - the largest fine that it has ever issued.

Woolworths also entered into a court-enforceable undertaking with the ACMA. In summary, Woolworths agreed to:

  • appoint an Independent Consultant to review its current procedures, training and systems relating to its compliance with the Act and identify any deficiencies and/or improvements;
  • have the Independent Consultant draft a report making recommendations to improve overall compliance with the Act;
  • within 3 months of receiving the report, develop an implementation plan to implement all recommendations; and
  • provide a detailed compliance report to the ACMA every 6 months.

To read the complete undertaking click here.

Lavan comment

In a media release, the ACMA’s Chair Nerida O’Loughlin stated:

“Australians have the right to unsubscribe from marketing emails that they do not want to receive”

“The ACMA’s actions should serve as a reminder to others not to disregard customers’ wishes when it comes to unsubscribing from marketing material”

This is by no means an isolated instance, although it has received more coverage due to a combination of the scale of the offending, number of customers impacted, size of the fine and comprehensiveness of the undertaking. In the past year the ACMA has given seven formal warnings to businesses, accepted six court-enforceable undertakings and issued infringement notices of which $1,753,500 has been paid. In light of this and Ms O’Loughlin’s comments above, this case acts as a timely reminder to organisations that:

  • if you no longer need to keep the information – delete it;
  • keep your procedures to unsubscribe clear, and act upon unsubscribe requests immediately;
  • your organisation’s privacy policy should state clearly the purposes for which data is collected; and
  • all staff need to be aware of your organisation’s privacy policy and well trained in it.