The Deloitte Australian Privacy Index released this week produced some surprising results, not the least of which was that nearly three quarters of consumers don’t trust a brand any less even after they have been notified of a data breach.
This is something of a happy surprise for the corporates that have spent years campaigning against the introduction of mandatory data breach notification legislation.
Apparently Australian consumers are sophisticated enough to know that if they are being notified of a breach in an un-legislated environment, that their personal data must be being treated with respect.
The 2016 Australian Privacy Index is Deloitte’s second annual assessment. It is slightly odd, in that it is a composite of survey of 1,000 consumers about their attitudes to the 116 top brands, combined with a mobile app and website investigation of these brands treatment of data and privacy messaging.
The fact that it is focused on top brands skews the results. But because it measures sentiment, it is nonetheless both fascinating and useful.
For one thing, the 71 per cent of consumers who don’t trust a brand any less as a result of receiving a data breach notification tells us the corporate should be more relaxed about the mandatory notification legislation that is expected to be tabled in Parliament after the election.
It also found that Australian consumers equate good privacy practices with trust about how their data will be kept safe, used and shared.
It is interesting also that the most trusted brands in the Deloitte Privacy index were from the most regulated industries: Of the top ten brands, seven were from Banking and Finance, and three were Government. These industries were followed by Energy, then Insurance and then Telecommunications as the ‘most trusted.’
This surely points to a role for regulator on issues of privacy, although it does not tell us what that role should be – the source of many heated debates.
The trust issue would seem self-evident. That Australians, whether they are millennials or baby boomers, want to be confident that the organisation with which they entrust their personal data should be reliable and that their personal data is treated with respect.
“We want to know our information is secure when it is submitted via publicly available means, such as a website or mobile app,” said Deloitte national lead partner, Cyber Risk Services, Tommy Viljoen. “And we also want to know how our information will be used.”
“One of the most telling findings in this year’s consumer survey is that 94 per cent of the 1,000 participants value trust over convenience, whether using a website or a mobile app,” Mr Viljoen said. That is fascinating.
The consumer sentiments about their privacy experience with top brands do not paint a full picture of the privacy issues in Australia. But it fill in some gaps. And it does demonstrate the how quickly the privacy landscape is shifting.
It might go some way to explaining why the Turnbull Government has given the Office of the Australian Information Commissioner a new lease of life – with an extension of $37 million in funding over four years in the Budget. This is in stark contrast to the year-ago budget, which indicated funding would dry-up and the agency duties would fold into the Attorney-General’s department.
Deloitte’s Cyber Risk Services client manager Marta Ganko – one of the co-authors of the report – said consumers were increasingly aware data sharing practices, and that organisations needed to pay attention to transparency and building trusts.
“As organisations collect and share more of their customers’ data with external parties, consumer confidence, trust, choice, as well as commercial interests, become important elements to balance in an increasingly digitally borderless world,” Ms Ganko said.
Deloitte’s Asia Pacific Cyber Lead James Nunn-Price said privacy issues were inextricably linked to broader security issues.
He said the Commonwealth’s recent focus on the challenges and opportunities the tech industry of cyber security would have a flow-on effect of better privacy practices in Australia, as both business and citizens became more security-aware.
Better data handling practices, and better overall cyber security would ultimately drive economic benefit across the economy, Mr Nunn-Price said.