Over half of privacy policies inadequate, OAIC finds as consumers' privacy ignorance persists

Most Australians value their privacy and consider it when sharing information online, but a scathing review of privacy compliance by the Office of the Australian Information Commissioner (OAIC) has been reinforced by survey results suggesting that most Australians feel there are still inadequate privacy controls in place.

Despite some assessments that recent tightening of Australia's privacy laws had improved the protection of personally identifiable information (PII), three-quarters of the 1200 respondents to an Intel Security survey could not name any privacy-related government policies, and just 8 percent could even name the Privacy Act – which was overhauled a year ago to tighten controls over PII, and to standardise protections between private and public sectors.

Coming during 2015 Privacy Awareness Week – an annual exercise run by the Asia Pacific Privacy Authorities (APPA) forum – the results suggest that regulators, government and private-sector organisations still have a long way to go in building consumer confidence in privacy legislation.

“Clearly the government and businesses have to make a concerted effort to educate Australians about privacy laws and instill confidence that when a privacy intrusion occurs, the matter will be investigated and resolved swiftly and transparently,” Intel Security APAC president Gavin Struthers said in a statement, “with further measures put in place to help prevent it from happening again.”

The week also saw the release of an OAIC assessment of the online privacy policies of 20 Australian and international organisations.

Some 55 percent of the examined policies did not meet the requirements of Australian Privacy Principle (APP) 1, which requires organisations to have a privacy policy that is “clearly expressed and up to date”.

“Over the last 12 months, we have provided a range of guidance to organisations and agencies including how to develop privacy policies,” privacy commissioner Timothy Pilgrim said in a statement, noting that many policies are still too long – with a median length of 3413 words – “making it difficult to locate relevant information.”

“We are now checking in on how the new requirements have been implemented,” he continued. “I encourage all organisations and agencies to review their privacy policies with the aim to make it as easy as possible for their customers to understand how their personal information will be respected and protected.”

Some 49 percent of respondents to the Intel Security survey said they think companies with privacy policies are more trustworthy than those without one – but many customers still lack the information they need to understand how their PII will be used.

Only 24 percent of respondents said businesses are quick to fix situations where there has been a misuse of personal information, and even the most-trusted industry sector – healthcare – was only trusted by half of respondents. Social media (33 percent), public WiFi services (30 percent) and application developers (28 percent) were the least trusted when it came to protection of personal information.

Fully 80 percent of respondents expressed “high concern” about the privacy of their PII, with phishing scams (75 percent) and cloud-security breaches (65 percent) also cited as concerns.

“These findings should be a wakeup call to both the government and businesses that they aren't doing enough to communicate and improve transparency and accountability regarding privacy,” Intel Security's Struthers said.

“Both need to instill greater trust in the public. It's clear that the public wants to believe that their data is safe, but much needs to be done before we can sleep easy.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.


Copyright © 2015 IDG Communications, Inc.
