'

​Spammers put on notice by the ACMA after SMS pests fined AU$50k

Online marketplace Service Seeking has been fined AU$50,400 for spamming, while the ATO is looking for a third party to help it with a nationwide email campaign.

Online tradesman marketplace Service Seeking Pty Ltd has been hit with a fine for spamming people via SMS without consent.

The AU$50,400 infringement notice is for sending unsolicited text messages, for failing to clearly identify who authorised them to do so, and for not including an unsubscribe statement.

The fine follows an investigation by the Australian Communications and Media Authority (ACMA) into consumer complaints about Service Seeking's marketing practices.

"Businesses that use SMS marketing must make sure the recipient has given permission to be contacted. In this case, the business sent commercial messages to phone numbers obtained from an online directory without the consent of the accountholder," ACMA chair Nerida O'Loughlin said in a statement.

The ACMA has been targeting consent-based marketing. The penalties for breaching Australia's spam rules can be serious for businesses; if found breaking the rules, the ACMA can seek a civil penalty and/or injunction from the Federal Court; give an infringement notice; accept a court enforceable undertaking; or issue a formal warning.

The Australian Taxation Office (ATO) is looking to do a mass mail-out of its own, turning to the market for a third-party email provider to send over 5 million emails out to Australians.

"The primary use of this service will be for the [ATO's] business teams to send digital newsletters, ad hoc urgent alerts, and targeted information emails to separate, targeted user bases, often at the same time," the Approach to Market (ATM) documentation explains.

"The [ATO] expects to send more than 5 million emails per year through the service, reaching approximately 250,000 unique email addresses (in total across all subscriber groups). Each subscriber group will contain up to 45,000 addresses but could contain up to 100,000 addresses. Some subscribers will be in multiple subscriber groups."

On the security front, the ATO requires the cloud-based offering to be stored on servers based in Australia, be IRAP compliant, and the system to have controls in place to protect personally identifiable information the third party will have on citizens as a result of providing the service.

A requirement detailed in the ATM is that the service, to go live on September 28, 2018, be stable and reliable, and available 24/7.

The ATO doesn't have the best track record with 24/7 availability; the first in a long string of outages plaguing the agency dates back to December 2016 when the government entity suffered "one-of-a-kind" SAN outages.

Although the ATO said issues were rectified, further service disruptions ensued.

The government department had to turn its mainframe off and switch it back on again last July, when a disruption occurred five days into the new financial year.

The department responded with promises of "smooth operating" IT, as well as the assurance of a more "connected and bulletproof" system than ever before.

Addressing the Finance and Public Administration References Committee in March, the ATO's CIO Ramez Katf discussed the outages, revealing that his office is still unsure whether the cables identified as a main element causing the initial SAN outage were defective or incorrectly installed, with a final report from Hewlett-Packard Enterprise -- now DXC Technology -- yet to be published.

A few days later, the taxation office took its website offline following a Twitter post notifying users that scheduled maintenance had been postponed.

PREVIOUS AND RELATED COVERAGE

Four years ago no one would know if we had an outage: ATO

Following a string of IT issues plaguing the ATO, its chief digital officer has said future-proofing its infrastructure for a software-driven future is a priority.

TPG hit with AU$360,000 fine for spamming

The notoriously tight-lipped company gets spammy when its unsubscribe link doesn't work.

Domino's Australia looking into former supplier as source of customer spam

The pizza chain said it is conducting an investigation into how some of its customers were spammed.

Why we might see more spam and phishing post-GDPR (TechRepublic)

IBM Security's Caleb Barlow explained the unintended consequences of the GDPR, and how the regulation removed essential data security professionals rely on to do their job.