Concerned about privacy, Australians embrace mandatory data-breach scheme

Australians are becoming more concerned about their privacy and businesses are signing on for privacy-awareness activities as a result, the government’s information commissioner has noted as figures suggest 40 percent of Australians are uncomfortable with the government using their personal details for research or policy-making purposes.

The Office of the Australian Information Commissioner (OAIC) received 17 percent more privacy complaints during fiscal 2016-17 than the year before, the organisation’s recently released annual report revealed, with 16,793 privacy enquiries handled and 24 percent more information commissioner reviews received than in the previous year.

“Developments in technological, social, commercial and government service delivery environments continue to drive increasing community and professional interest in privacy and privacy governance,’ said Australian information and privacy commissioner Timothy Pilgrim in a statement.

Pilgrim lauded the “growth in privacy awareness” shown by the private sector, which saw a 49 percent increase in Privacy Awareness Week partners – of which there were 369 businesses and agencies – and an increase in Privacy Professionals’ Network (PPN) participants from 169 to 1235 members.

This reflects growing awareness of the need for better security and governance of private information, which will be tested as the newly legislated Notifiable Data Breach (NDB) scheme comes into effect in February.

OAIC received 114 voluntary data breach notifications during the 2016-17 year, a 7 percent increase over the previous year and a hint of what is likely to come once the NDB comes into force. The office also managed 35 mandatory data breach notifications – a 119 percent increase over the previous year – and closed 92 percent of voluntary data breach notifications within 60 days.

Fully 95 percent of respondents to the OAIC’s newest Australian Community Attitude to Privacy Survey (ACAPS) approved of the NDB and its goals – which Pilgrim said reinforces the understanding that citizens and customers attach significant value to their privacy. Interestingly, some 82 percent of the 2062 received freedom of information (FOI) requests – which are being processed by OAIC after the federal government re-asserted its role in the 2016-17 budget – related to individuals applying to access their own information.

The OAIC has been actively working to help organisations get ready for the new compliance environment, kicking off development of the Australian Public Service Privacy Governance Code – which will come into effect on 1 July 2018 – and releasing the Privacy Impact Assessment (PIA) eLearning Program designed to “improve skill and capability within Australian businesses and agencies”.

Community attitudes. Improvements in agencies’ and businesses’ privacy policies will be crucial as the public becomes more attuned to issues around data privacy and reuse. Fully 69 percent of respondents to the ACAPS survey said they were more concerned about online privacy than they were five years ago, with 32 percent citing online services as the biggest risk to privacy.

Identity fraud and theft were named as the biggest risk by 19 percent of respondents, with data breaches (17 percent) and theft of financial data (12 percent) the other biggest perceived risks.

Fully 58 percent of respondents said they had decided not to deal with particular businesses due to security concerns, with 79 percent saying they didn’t want their data shared with other organisations and – in a solid reiteration of data-sovereignty issues – 93 percent saying they didn’t want their personal data to be sent overseas.

Yet the survey also uncovered some lax privacy practices amongst the same people that claim to be concerned about security: just 61 percent, for example, check the security of web sites before giving personal information and only 43 percent said they had adjusted their privacy settings.

“The striking message in the 2017 survey,” Pilgrim noted, “is that while privacy is attracting concern from Australian consumers and communities, many of us are not converting that concern into using basic privacy protections that are already available to us.

“So, while it’s encouraging to see Australians taking privacy seriously, it’s important for individuals to use this concern to take active steps to protect their personal information. This includes knowing our privacy rights and protections, and insisting that the organisations we deal with take those protections seriously.”