Over half of privacy policies inadequate, OAIC finds as consumers' privacy ignorance persists

Most Australians value their privacy and consider it when sharing information online, but a scathing review of privacy compliance by the Office of the Australian Information Commissioner (OAIC) has been reinforced by survey results suggesting that most Australians feel there are still inadequate privacy controls in place.

Despite some assessments that recent tightening of Australia's privacy laws had improved the protection of personally identifiable information (PII), three-quarters of the 1200 respondents to an Intel Security survey could not name any privacy-related government policies, and just 8 percent could even name the Privacy Act – which was overhauled a year ago to tighten controls over PII, and to standardise protections between private and public sectors.

Coming during 2015 Privacy Awareness Week – an annual exercise run by the Asia Pacific Privacy Authorities (APPA) forum – the results suggest that regulators, government and private-sector organisations still have a long way to go in building consumer confidence in privacy legislation.

“Clearly the government and businesses have to make a concerted effort to educate Australians about privacy laws and instill confidence that when a privacy intrusion occurs, the matter will be investigated and resolved swiftly and transparently,” Intel Security APAC president Gavin Struthers said in a statement, “with further measures put in place to help prevent it from happening again.”

The week also saw the release of an OAIC assessment of the online privacy policies of 20 Australian and international organisations.

Some 55 percent of the examined policies did not meet the requirements of Australian Privacy Principle (APP) 1, which requires organisations to have a privacy policy that is “clearly expressed and up to date”.

“Over the last 12 months, we have provided a range of guidance to organisations and agencies including how to develop privacy policies,” privacy commissioner Timothy Pilgrim said in a statement, noting that many policies are still too long – with a median length of 3413 words – “making it difficult to locate relevant information.”

“We are now checking in on how the new requirements have been implemented,” he continued. “I encourage all organisations and agencies to review their privacy policies with the aim to make it as easy as possible for their customers to understand how their personal information will be respected and protected.”

Some 49 percent of respondents to the Intel Security survey said they think companies with privacy policies are more trustworthy than those without one – but many customers still lack the information they need to understand how their PII will be used.

Only 24 percent of respondents said businesses are quick to fix situations where there has been a misuse of personal information, and even the most-trusted industry sector – healthcare – was only trusted by half of respondents. Social media (33 percent), public WiFi services (30 percent) and application developers (28 percent) were the least trusted when it came to protection of personal information.

Fully 80 percent of respondents expressed “high concern” about the privacy of their PII, with phishing scams (75 percent) and cloud-security breaches (65 percent) also cited as concerns.

“These findings should be a wakeup call to both the government and businesses that they aren't doing enough to communicate and improve transparency and accountability regarding privacy,” Intel Security's Struthers said.

“Both need to instill greater trust in the public. It's clear that the public wants to believe that their data is safe, but much needs to be done before we can sleep easy.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.
