elevenM’s Emma Mackenzie unpacks the ACMA’s recent spam ruling against TAB, highlighting key lessons in Spam Act compliance for all Australian organisations.
The Australian Communications and Media Authority (ACMA) has released its compliance priorities for FY26, and combating spam remains firmly in the spotlight as an “enduring priority” for the year ahead.
If your business is messaging customers, let ACMA’s most recent TAB enforcement for breaching the Spam Act be a reminder to check your form.
TAB, one of Australia’s biggest names in sports betting, was pinged by ACMA in June with a $4 million fine for less than 6,000 SMS and WhatsApp messages. Unlike recent cases involving millions of messages, TAB’s breach was relatively small, but with penalties applied per day of non-compliance, the penalties added up quickly.
So, what went wrong?
Between February and May 2024, TAB account managers sent messages to VIP customers that:
- lacked an unsubscribe functionality (2,598 messages)
- didn’t include adequate sender information (3,148 messages)
- were sent without consent (after the customers had unsubscribed) (11 messages).
The messages included bonus bets, deposit matches and exclusive offers…but even messages to members of VIP programs need to comply with Spam Act obligations.
ACMA criticised TAB’s compliance systems, and have accepted a 3-year court-enforceable undertaking that includes:
- an independent review of governance, policies, procedures and systems by an independent consultant
- implementation of all recommendations made by the independent consultant
- improved consent and complaint record-keeping
- quarterly quality assurance audits
- enhanced staff training
- 6 monthly reporting to ACMA on audit results, Spam complaints, ongoing actions and training status.
This enforcement action is part of a broader pattern. In the past 18 months, businesses have been fined more than $16.9 million for spam breaches, and ACMA has made its position clear:
“We contact businesses when we receive a complaint about persistent unwanted spam or telemarketing. We’ll be escalating our approach to those businesses that do not take advantage of these early warnings and comply with the law.”
So, what’s the game plan for your business?
As FY26 begins, it’s a good time to refresh your spam compliance foundations.
Start with these five focus areas:
- Review ALL your email templates – both service messages and commercial messages to ensure they:
- are correctly classified
- accurately identify your business
- outline how to contact your business
- include functional unsubscribe buttons.
- Double check your consent
ACMA sets a high bar for inferred consent (notification alone is unlikely to cut it). Their consumer consent Statement of Expectations is especially helpful here. - Get your team match-fit with refreshed training
Marketing teams, comms teams, sales teams, data analytics teams, legal teams can all play a role in ensuring Spam Act compliance. - Stress-test your processes
Review your content approval processes, unsubscribe mechanisms, record-keeping processes, and complaint-handling processes. Uplift your processes before a problem arises. - Make sure you’re receiving spam complaint details and compliance notice
Don’t miss the forewarnings…- Are customer spam complaints being routed to the appropriate teams for investigation and follow-up?
- Are compliance notices from ACMA reaching the correct internal contacts for timely action?
When it comes to spam, the stakes are high, and the odds of leniency are low.
TAB’s $4 million penalty shows how quickly a few missteps can snowball into major consequences.
Review your systems. Refresh your training. Reinforce your governance. With ACMA’s focus on spam compliance continuing into FY26, don’t let non-compliance sneak into your budget this financial year.
Contact us
If you’re interested in learning more about privacy compliance and digital marketing, please contact us.