New Privacy Principles and your Business

Last month there was a change to the laws concerning privacy in Australia and while the big end of town will have looked at this in detail, and it applies to private businesses with a turnover of $3 million or more, the core principles are something that all businesses operating in Australia should understand and respect. And if the Act now applies to you, take care that your business is compliant.

From 12 March 2014, the Australian Privacy Principles (APPs) replaced the National Privacy Principles (that applied to government) and the Information Privacy Principles (that applied to business) so that now there's one set of principles for all, with the one exemption concerning the handling of confidential employee information, which has its own guidelines and rules.

The 13 new 'harmonised' APPs govern the kinds of information that organisations can collect, and also how they may hold, use and disclose this information. It's hard to offer a short summary, and we recommend that you look at these in detail here to assess their impact on your business.

In general terms we understand the underlying ethics: organisations should collect information with consent to the extent that it is necessary to perform agreed actions, and use that information for the purpose that it was intended. The principals also specify that individuals have the right to ask for access to that information without charge, and to update it if they wish. Organisations must also give individuals the option to provide data with anonymity where this is practicable, and provide clear instructions about how an individual can complain about a breach of the Australian Privacy Principles.

Distinctions are made between sensitive and non-sensitive information, and under what conditions information can be disclosed to third parties; the need for the information to perform actions expected and required is a key consideration in the case of sensitive information, particularly. In the case of less sensitive information used in direct marketing, there is now an additional requirement - beyond having collected the information from an individual - that the person would reasonably expect the organisation to use or disclose the information for that purpose.

Key changes relate to whether information is likely to be disclosed to recipients overseas, and if so, whether it is practicable to specify those countries in the organisation's Privacy Policy; partly this is prompted by concerns with the online storage of personal information in servers overseas, and the security of that information if it is hacked. The breach of Linked In security last year occurred when their servers were hacked in Ireland, for example. Under the new privacy laws, overseas IT providers are required to abide by local Australian laws for any business they conduct in Australia.

Australian Privacy Principle 4 concerning the receipt of unsolicited information by an organisation is interesting. Essentially the organisation must destroy the information if it determines that it could not have collected the information under AAP 3 if it had solicited the information. If you consider the amount of information being gathered through many sources online and aggregated in sophisticated marketing overlays that has not been expressly provided by individuals to these companies with their knowledge and consent for use, I wonder if we will see further refinement of this principle to cover publicly available information used for private purposes without consent in future years?

The bottom line is that all organisations, including private companies, must review their Privacy Policies and procedures in the light of recent changes or find themselves potentially in breach of the legislation.

Developing Your Customer Service Strategy

Tough times force new tough decisions that people would otherwise avoid. Councils attending a workshop of developing a Customer Service Strategy with Carol Lewis (pictured below), HR expert and Principal Consultant at The Human Equation, hosted by the National Local Government Customer Service Network had to consider trade-offs in customer service excellence in the face of budget cuts. 

Where all the talk was once been of excellence, many now looked at customer expectations and what tolerances they had to work within to deliver acceptable levels of customer service within their budget. Use of cheaper online service delivery channels (website request forms, mobile reporting apps), a review of over-staffing to meet KPIs at peak call times, and the judicious use of outsourced call overflow services are all options to rein in costs. But, unpalatable as it may sound, service levels such as call or service response times may need to be moderated, too.

However, it was clear that rather than wait for a consultant to tell you that things need to change, all Customer Service Managers would do well to prepare the groundwork ahead so that they can influence their own destiny rather than just react to events

These key tips were imparted for Customer Service Managers in local government, but they apply broadly to the private sector, too, inasmuch you should have clear goals of what you are trying to achieve for your Customers; what the costs and processes are to achieve these goals; and be able to communicate this to both your internal staff, and your customer base. 

This workshop was actually delivered in two parts over six months, which allowed participants to orient to the task, start work, and review their progress with peers - all very hands on. As a private sector observer to the second part of the process I think that the toughest part for customer service managers - as people whose work relies on delivering customer satisfaction to others - was selling their vision of how to proceed. My summary of the process for the record is as follows:

Developing your Customer Service Strategy 

 1. Research 

• What are your customers' expectations?
• Gap analysis - where are you failing to meet these expectations?
• What are the costs of meeting different service standards?
• Determine what you can afford

2. Consult with internal Stakeholders

• Are there common goals that can be achieved to help buy-in? 
• How can their investment decisions and operations impact on your ability to deliver the strategy?

 3. Structure

• Your Policy - aims, what is to be done, measurable indicators of its success
• Your plans - how will it be implemented? Who is responsible for what? What feedback loops will be in operation?
• Your Customer Service Charter - what are you promising your customers?
• Your Complaints Handling Policy - how will you handle these fairly?

4. The Customer Service Strategy Document

• The result is a marketing document that clearly explains to internal stakeholders what you are aiming for, why it is the best course of action for the organisation, how it is to be achieved and assessed, and what benefits the strategy will bring to the organisation and its customers.

It never hurts to be clear about what you do and how you do it. Even a start up business has to think through their business processes and be honest about what they will and won't do. It's a document in progress, and having identified the gaps it at least puts you in a position to look for ways to address these over time, if not immediately.