Our client, carsales.com Ltd (ASX: CAR) (“carsales”) is the largest online automotive, motorcycle and marine classifieds business in Australia. Powered by technology and data, and with millions of customers and subscribers, it is critical to the business and its reputation that customer information is collected, stored and used appropriately.
“This was about going the extra mile. To ensure good privacy practice across the business… I had nothing but a positive experience working with Raph and Andrew.”
Clear guidelines and framework
carsales wanted to establish clear internal guidelines for the treatment of customer data across the business.
A thorough job
CIE Legal, led by partner Raph Goldenberg and Special Counsel Andrew Thompson, crafted a privacy framework that reached across the entire operation, covering collection, storage and access to data. “I was impressed with the consideration they gave to all the different types and uses of personal information across our whole operation” states Janine. “They were really thorough”.
Complex issues
Raph and Andrew then assisted carsales with more complex areas of privacy, such as circumstances in which carsales could enrich its data by sharing with third parties to enable personalised advertising on the site. “We wanted to be sure that we had customers’ consent to do this” explains Janine, “so we consulted with Raph and Andrew on the legal considerations and they ultimately helped us to craft an email to go out to our members. It wasn’t straightforward – it was important that the email was unambiguous, fully compliant and provided a link to opt out of third party data sharing for the purposes of personalised advertising.”
Embedding good practice
With the internal privacy compliance framework and materials in place, Raph and Andrew then assisted in embedding positive privacy behaviours within the business. “Working with Janine” says Andrew, “who had identified around thirty ‘privacy champions’ in departments across the organisation, who were to become the ‘go-to’ points of call for privacy matters, we trained them on the Privacy Act and the framework we had created, so they were equipped with the knowledge they needed to take back to their colleagues. It was about embedding the knowledge and correct behaviours in all parts of the organisation.”
“Nothing but a positive experience”
“The quality of their work was excellent. They were available whenever I needed them and they provided good value”.