We take matters relating to Privacy and Racial Discrimination very seriously and have gone to some lengths to ensure that the use of Origins
- Complies with all relevant legislation, and
- Can contribute to pursuit of diversity, opportunity and equity
Origins and Privacy Legislation
But we can offer the following general perspectives and statements based on the professional advice we have received and our experiences with clients.
The use of Origins data is compliant with privacy legislation in Australia and New Zealand. Furthermore, it is compliant with international standards including the European Union’s General Data Protection Regulation (GDPR) which came into effect in May 2018.
Origins data itself is not “personal information” within the meaning of applicable legislation, including the Australian Privacy Principles (APPs). This is because the data cannot be used to identify a person – directly or indirectly. However, when Origins data is appended to a record that is already personal information, it becomes part of that record and should be treated as part of an organisation’s personal data.
In any case, it does not qualify as “sensitive information”.
This view has been substantiated through independent legal advice, informal discussion with the former Privacy Commissioner, and is supported by the Association for Data-driven Marketing and Advertising (ADMA).
Most significantly, APP Guidelines explicitly state that names “… will not constitute sensitive information that necessarily indicates the racial or ethnic origin of an individual … “.1
Origins data, when appended to a individual record, is an opinion about the origin of the name combination. It is not an opinion about the cultural background of the individual carrying those names.
This means that Origins codes appended to individual records do not constitute personal information or sensitive information. It is therefore legitimate for Origins codes to be used for any application– including research and insight, modelling, mapping, customised communications, and decisioning.
Furthermore, the GDPR Regulation provides for a “Public Interest Exemption”. While there is debate about the scope of this exemption, many Australian organisations have either statutory or commercially-determined obligations to measure cultural diversity as a dimension of customers or employees. This is to ensure there is evidence of access and equity in the provision of goods and services, and to promote opportunities to participate in all dimensions of Australian society.
Of greater significance is the potential for reputational risk through inappropriate use. It would not be good practice to decline the availability, or vary the pricing, of a product or service based solely on an analysis of names.
As with all marketing and data management initiatives, there is far greater opportunity for creative and legitimate use that positively contributes to customer management, business outcomes and benefits to society through greater access and equity.
To mitigate against inappropriate use, licensees of Origins data must enter into a contract where they accept a set of protocols ensuring that their uses of Origins data are appropriate and responsible.
For more information about how the configuration and deployment of Origins can minimise organisational concerns, please contact us.
1 APP refers to the Australian Privacy Principles. See http://www.oaic.gov.au/privacy/applying-privacy-law/app-guidelines/ Chapter B, paragraph B.133