The majority of franchisors are subject to the Privacy Principles and the Privacy (Enhancing Privacy Protection) Act 2012 (Cth) which restricts the ways in which franchisors (and their franchisees) can deal with and distribute certain information.

Add to that an increasing reliance on the internet and cloud based software to send information to and from franchisees, meaning franchisors must carefully monitor their compliance with privacy obligations.

Privacy Policy

All franchisors to ensure they meet the privacy principles should have a lawyer draft their privacy policy. This policy should form part of the operations manual for all franchisees and be clear, concise and user-friendly.

In addition to the main privacy policy, ensure all mobile sites (for tablets and smartphones) and internet sites contain a short version of the policy – noting this should be brought to your customer’s attention before they agree to submit any information to the franchisor website.

Anytime a franchisor (or franchisee) privacy policy changes, steps should be taken to notify all relevant parties to ensure that an inadvertent breach does not take place. Franchisors should make sure that the franchisor and franchisees have suitable internal privacy policies in place as well. Again, you should speak with a lawyer to assist with drafting.

Privacy in the Cloud

With the advent of cloud-based technologies, many franchisors run websites and/or communicate with their franchisees in ‘the cloud’, and do not have physical access to their information technology in the form of servers and backup drives.  

This can raise privacy concerns as it’s hard to control all aspects of online communication, such as social media and the intervention by third parties. Further, if franchisors store data off-shore, those locations may have different privacy considerations to Australia. Franchisors should ensure there is some backup for retrieval of lost information.

Tracking Data

Another area of concern for privacy for franchisors is where mobile phone apps or Google searches collect general information to help the franchisor analyse its customer type and base. Although this data can be de-personalised to remove personal details, certain groups of people may still be able to be tracked through the data. If the franchisor can identify a person through the data, the Privacy Act and Privacy Principles will apply, and a franchisor should know of its obligations in this regard.

To ensure franchisors meet these principles, we suggest you review existing databases and ensure they comply with the privacy principles, ensuring that data tracking does not readily identify individuals.

Marketing

Franchisors also need to be aware of privacy considerations regarding marketing, especially since the introduction of the Spam Act 2003 (Cth). This Act prohibits franchisors (and anyone else conducting marketing) from sending unsolicited emails with an Australian link, noting that any data collected without the consent of the customers of the franchise cannot be used to send spam email marketing.

***

LegalVision regularly assists franchisors with privacy issues. We can assist with drafting your franchise agreement and privacy policies. Get in touch with our franchise lawyers on 1300 544 755. 

Emma Heuston

Ask Emma a Question

If you would like further information on any of the topics mentioned in this article, please get in touch using the form on this page.