The investigation found that CBA had sent more than 61 million marketing emails to customers
The Commonwealth Bank of Australia (CBA) has been issued a record penalty of $US3.55 million by the Australian Communications and Media Authority (ACMA) for violating Australia’s spam laws. An ACMA investigation revealed that CBA had sent over 65 million emails that did not comply with the regulations.
The investigation found that CBA had sent more than 61 million marketing emails to customers, requiring them to log in to unsubscribe, which was deemed unlawful. Additionally, CBA sent 4 million marketing emails that lacked a functioning unsubscribe facility. Furthermore, over 5,000 marketing emails were sent to customers who had previously requested to unsubscribe from such messages.
ACMA Chair Nerida O’Loughlin emphasized that companies must provide consumers with the option to unsubscribe from marketing messages and make the process easy for them to exercise their rights. The scale and duration of the breaches committed by CBA were deemed alarming, especially considering that the ACMA had previously warned the bank about potential issues, but the steps taken were ineffective.
As a result of the breach, the ACMA has imposed the largest penalty to date for spam law violations. CBA has also entered a three-year court-enforceable undertaking, which includes an independent review of its e-marketing practices and the implementation of improvements. The bank is required to provide regular compliance reports to the ACMA and train its staff on Australia’s spam laws.
Under the Spam Act 2003, marketing messages must include functional unsubscribe facilities, and requiring consumers to log in or provide personal details to unsubscribe is generally prohibited. Once a recipient has unsubscribed, sending further marketing messages is also against the law.
The ACMA will closely monitor CBA’s compliance with the undertaking and its commitments to review its practices. Non-compliance with Australia’s spam laws will not be tolerated, and further action will be taken if necessary.
Enforcing rules related to SMS and email subscriptions is an ongoing priority for the ACMA. In the past 18 months, businesses have paid $US11 million in penalties for breaching spam and telemarketing laws. The ACMA has also accepted 12 court-enforceable undertakings and issued 1 formal warning in relation to such violations.