Phase 7 · Nurture & Convert · 7.4 · ~1 hour · Easy

7.4 Spam Act 2003 Compliance

The Three Requirements

Every commercial electronic message must satisfy all three. Get one wrong and you're non-compliant.

Step-by-Step

Requirement 1: Consent

You must have the recipient's consent before sending. Two types:

  • Express consent -- the person actively opted in. A ticked checkbox, a signup form, a verbal agreement. This is the gold standard.
  • Inferred consent -- an existing business relationship (they bought from you, enquired recently, gave you a business card). This has limits -- it doesn't last forever and doesn't cover purchased lists.
  • Purchased email lists are illegal. Buying a list and emailing it violates the Spam Act. The "consent" was not given to you.
  • Record your consent -- keep a log of when and how each contact opted in. If ACMA investigates, you need to prove consent.

Requirement 2: Identify the sender

Every commercial message must clearly identify who sent it:

  • Your business name (or your own name if you are a sole trader)
  • Your ABN or ACN
  • A way to contact you -- physical address, phone number, email address, or website
  • This information must be accurate and current at the time of sending
  • In practice: your email footer should contain your business name, ABN, physical address, and a contact link

Requirement 3: Unsubscribe mechanism

Every commercial message must include a way to opt out:

  • An unsubscribe link in every email (your email platform handles this automatically)
  • "Reply STOP to unsubscribe" in every SMS
  • The opt-out must be honoured within 5 business days (best practice: immediately)
  • The opt-out mechanism must work for at least 30 days after sending
  • You must NOT charge for opting out, require the person to log in, or make it unreasonably difficult
  • Once someone unsubscribes, you cannot contact them again for commercial purposes unless they re-subscribe

Audit your current setup

Check every touchpoint where you send commercial messages:

  • Email marketing: Does every email have your business name, ABN, address, and unsubscribe link in the footer?
  • SMS: Does every SMS identify your business and include STOP opt-out?
  • Automated sequences: Do all automated emails and SMS comply? (Easy to miss -- check each one)
  • Forms: Do all signup forms have clear consent language, with consent checkboxes that are not pre-ticked?
  • Transactional emails: Receipts, booking confirmations, and password resets are exempt from the Spam Act. But don't sneak marketing content into transactional emails -- that makes the whole email commercial.

Document your compliance

Create a simple compliance document covering:

  • How you collect consent (which forms, what language)
  • Where consent records are stored
  • How unsubscribes are processed and the timeframe
  • Who is responsible for compliance in your business
  • Review this document every 6 months or when you add new messaging channels

You're Done When

  • All email footers contain business name, ABN, address, and unsubscribe link
  • All SMS messages identify your business and include STOP opt-out
  • All forms use explicit, unticked consent checkboxes
  • Consent records are being stored with timestamps
  • Unsubscribes are processed immediately
  • No purchased or scraped email lists are in use