Approximately every three years, the Office of the Australian Information Commissioner via the Privacy Commissioner’s Office conducts an Australia-wide survey to get a snapshot and understanding of the beliefs and concerns held by the community about privacy and the protection of personal information. The findings of the latest such survey were published 24 Sept. 2020.
The last survey was conducted in 2017, and the 2020 survey shows that data privacy remains a significant and growing concern for 83% of Australians, particularly as the digital environment innovates, grows and becomes even more ubiquitous. Additionally, new and increased data collection and use practices continue to arise in ways that concern individuals, and this can create a trust deficit between them and organizations. Major themes from the survey include:
- Community concerns about privacy are based on experience: 59% of Australians had a problem with how their data was used over the past year, such as receiving unwanted marketing communications, or their information being collected when not required.
- Australians are increasingly questioning data practices where the purpose for collecting personal information is unclear: 81% considers it a misuse for an organization to ask for information that doesn't seem relevant to the purpose of the transaction, up 7% since 2017.
- Privacy is the leading consideration when choosing whether to download an application or program, ahead of quality, convenience and price: 84% considers privacy extremely or very important when choosing a digital service.
- The community wants more information and clearer privacy policies to help them manage their privacy: 85% has a clear understanding of why they should protect their personal information, but 49% says they don’t know how.
- Most Australians believe they should be able to: Have the right to ask a business to delete their personal information (84%) and seek compensation in the courts for a breach of their privacy (78%).
Australians are particularly uncomfortable with personal data aggregators or platforms that track their location through their mobiles or web browsers (62%) and keep databases of information on what they have said and done online (62%). Australians are increasingly questioning data practices where the purpose for collecting personal information is unclear, with 81% of respondents considering “an organization asking for information that doesn't seem relevant to the purpose of the transaction” as a misuse.
Community concerns regarding data privacy remain high, and the survey data indicates quite clearly that numerous organizations either routinely collect more personal information than is needed to provide a product or service or use that data in unexpected ways, making Australians uncomfortable and creating a trust deficit.
We also note there is currently a range of legal and regulatory changes coalescing in the privacy space that need to be within line of sight of your C-suite for consideration, planning and action. On 30 Oct., the federal government released the terms of reference and issues paper for a review of the Privacy Act 1988 (Cth).
The issues paper specifically recognizes “as data-driven innovation provides valuable services that many of us use and enjoy and as Australians spend more of their time online, and new technologies emerge, such as artificial intelligence, more personal information about individuals is being captured and processed, it raises questions as to whether Australian privacy law is fit for purpose.” Of significance are proposed changes to the penalty regime where penalties will be increased from $2.1 million to the greater of 10% of a company's annual domestic turnover, $10 million or three times the value of any benefit obtained through the misuse of information.
The Privacy Act review announcement also follows the final report of the Australian Consumer & Competition Commission into the Digital Platforms Inquiry and the federal government's response to the final report, in which the government accepted the "overriding conclusion that there was a need for reform." One major area of reform is the requirement to obtain express consent in various situations to collect and use personal data.
Each of these privacy initiatives ties back to recent research and insights into the relationship between heightened consumer trust and meaningful consent practices. For a copy of the Deloitte 2020 Privacy Index, please click here.
What should my business do?
Australian consumers are becoming increasingly aware of privacy risks, they are developing a better understanding of what privacy means to them in the digital environment and how an organization manages consumer privacy may sometimes be a ‘make or break’ factor when deciding to deal or continue dealing with that organization.
The privacy landscape is rapidly shifting as new laws seek to close the gap between consumer privacy protections and technological advancements. An organization’s mismanagement of or lack of appropriate investments in privacy and data protection risks can result in serious financial and non-financial loss, reputational and brand harm and the loss of consumer trust. Now is the time to start planning for the impact of these regulatory changes and mapping out your future state privacy strategy.
Photo by Joey Csunyo on Unsplash
If you want to comment on this post, you need to login.