Nearly half of employees inadequately trained on Privacy Act compliance

Only 54 percent of workers believe their employers have given them adequate training about how to preserve the privacy of customers' personally identifiable information (PII), a new survey has found. The finding comes as privacy authorities spruik a new privacy management framework designed to help Australian organisations improve privacy compliance efforts that have been slammed as inconsistent and unbelievable by consumers.

Released by the Office of the Australian Information Commissioner (OAIC) to mark the 2015 Privacy Awareness Week – an annual awareness exercise run by the Asia Pacific Privacy Authorities (APPA) forum – the new Privacy management framework is designed to help organisations boost employee awareness of privacy responsibilities.

Specific recommendations are intended to inform organisations' privacy response along four key steps: embedding a culture of privacy, establishing robust and effective privacy processes, evaluating privacy processes to ensure continued effectiveness, and enhancing organisations' response to privacy issues.

“Privacy management is an obligation that is continuous and proactive and for it to be successful, it must have support from an organisation's leadership team,” Australian privacy commissioner Timothy Pilgrim said in a statement.

“A privacy management plan should commit both people and resources to make sure there is clear accountability for privacy in your organisation.”

Despite the myriad new responsibilities placed on organisations to protect PII by the overhauled Privacy Act – implemented a year ago, to some positive assessments – an OAIC review published this week found that just 55 percent of companies had adequate privacy policies in place.

These results were reinforced by an Intel Security survey of Australians' privacy attitudes, which found that most Australians are still extremely poorly educated about the Privacy Act's new protections, or indeed its existence at all (just 8 percent of respondents could even name the Act).

Only 54 percent of the 1238 surveyed respondents said their workplaces had appropriately informed them about their responsibilities in protecting the PII of the people they deal with as part of their job.

The security risks of bring your own device (BYOD) policies, which allow employees to use often insecure personal devices at work, were felt by 33 percent of respondents to outweigh any potential benefits.

Consumer attitudes supported the suggestion that many employees remain poorly trained about how to manage personal information, with just 41 percent of respondents saying that businesses clearly explain how they manage personal information – and only 41 percent saying that businesses with a privacy policy actually comply with it.

Fully 13 percent of respondents said they had had problems with the way their online personal information was handled in the last 12 months, with just 24 percent of respondents saying they felt businesses were quick and effective in fixing the situation when there had been misuse of personal information.

Respondents were split when asked who was responsible for protecting privacy, with 35 percent putting the blame on the individual and 34 percent deferring to the government. Just 28 percent believe that businesses carry primary responsibility.

Seeking to empower individuals to improve privacy protection, the OAIC also marked Privacy Awareness Week by releasing a fact sheet outlining 10 practical tips to help protect personal privacy.

“It is important to take control over what happens to your personal information,” Pilgrim said. “We can all take simple actions such as reading privacy policies, being careful what we share on social media, using up-to-date security software and securely destroying our personal information. This can all contribute to the protection of our privacy.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.
