Spam for Breakfast Lunch and Dinner What will

Spam for Breakfast, Lunch and Dinner: What will the Unsolicited Electronic Messages Bill do for Privacy? Graeme Crombie Senior Associate Minter Ellison Rudd Watts Privacy Forum 30 March 2006

Spam – covered by the Privacy Act Example 1: B Spams Using Email Address Collected By A • B has breached: ØPP 2 – not collecting email address directly from the subject ØPP 3 – not making the subject aware of the collection • A has breached: ØPP 10 – email address used for unspecified purpose ØPP 11 – email address disclosed without consent • Spam Bill is breached by B: Øcommercial electronic message Øunsolicited Øhas an NZ link Ødoes not identify the sender, provide contact details or an unsubscribe function

Spam – not covered by the Privacy Act But covered by the Spam Bill Example 2: A Uses B’s Server To Send Spam • No breach of the Privacy Act: Øemail address was publicly available Øexceptions to PPs 2, 10 and 11 apply • Spam Bill breached by A: Øcommercial electronic message Øunsolicited Øhas an NZ link Ødoes not provide an unsubscribe function • Spam Bill not breached by B: Ømessage sent without B’s knowledge

Spam – not covered by the Privacy Act and not covered by the Spam Bill Example 3: A Guesses Email Address And Sends Message • No breach of the Privacy Act: Øemail address was not collected Øif email address subsequently verified collection authorised • No breach of Spam Bill: Øpromotional electronic message Øidentifies sender, provides contact details and unsubscribe function Ørequires recipient to opt-out of receiving further emails • But now a breach of Spam Bill: Øemail address discovered by use of address harvesting software