Guidelines for Purchasing and Using Marketing Lists

Connective does not endorse or recommend any specific marketing list provider. Brokers must conduct their own due diligence and seek professional legal advice — including checking with their professional indemnity (PI) insurance provider — before purchasing or using a marketing list.
​
Before buying a list, ensure it complies with all relevant Australian legislation, including:
• Spam Act 2003
• Do Not Call Register Act 2006
• Privacy Act 1988 and the Australian Privacy Principles (APPs)
• National Consumer Credit Protection Act 2009 (NCCP Act) and ASIC guidelines
​
Failure to comply with these laws can lead to significant penalties, reputational damage, and operational disruptions.
​
​

• Consent (Section 16): You must not send unsolicited commercial messages unless the recipient has given express or inferred consent. Inferred consent can arise from an existing business relationship but should be used cautiously.
• Address Harvesting (Sections 21–22): It is illegal to buy or use lists created using address-harvesting software — automated tools that scrape email addresses from public sources.
• Sender Identification (Section 17): Every message must clearly identify your business and provide accurate contact details valid for at least 30 days after sending.
• Unsubscribe Facility (Section 18): Include a clear, functional unsubscribe link or instruction in every message, and honour unsubscribe requests within five business days.
​
Warning signs of a non-compliant list: A vendor cannot show how consent was obtained, provides vague data sources, or the list includes generic email addresses. Using such lists can lead to fines from the Australian Communications and Media Authority (ACMA).
​
​

• Do not contact numbers listed on the Do Not Call Register unless you have express consent from the individual.
• Ensure your purchased list has been “washed” against the DNCR within the past 30 days.
• Adhere to permitted calling hours: Weekdays 9am–8pm, Saturdays 9am–5pm, and no calls on Sundays or public holidays.
​
​

The Privacy Act applies to most businesses, especially those collecting, selling, or using personal information. Under APP 7 (Direct Marketing):
• You must provide an opt-out mechanism for individuals who no longer wish to receive marketing communications.
• Ensure your privacy policy discloses that personal information may be obtained from third parties and used for direct marketing.
• Verify that your vendor has collected personal data in compliance with the APPs and obtained valid consent.
​
​

Under the National Consumer Credit Protection Act 2009, brokers must act efficiently, honestly, and fairly.
ASIC’s Regulatory Guide 234 requires that all advertising and marketing communications:
• Are not misleading or deceptive.
• Accurately represent the financial products or services promoted.
• Clearly disclose relevant terms and conditions.
​
Maintain evidence of consent, respect privacy, and avoid misleading statements in all marketing activities.
​
​

• Due Diligence: Always confirm list legitimacy and obtain compliance documentation from the vendor.
• Record Keeping: Keep written evidence of consent and all marketing list sources.
• Staff Training: Ensure team members understand privacy, spam, and marketing compliance obligations.
• Ongoing Reviews: Conduct periodic audits of your marketing activities and unsubscribe systems.
​
​In summary: Only use marketing lists that are consent-based, lawfully sourced, and transparent. Maintain accountability by keeping accurate records, respecting privacy, and promptly honouring unsubscribe requests. These practices not only ensure compliance but also strengthen client trust and brand integrity.
​