Privacy Commissioner releases survey on Australian Community Attitudes to Privacy in 2017

May 18, 2017 |

It is something of a rite of passage for the Privacy Commissioner to release a report on privacy compliance or a survey about community attitudes to privacy around Privacy week.  This year is no different, with a 51 page report on a survey on Australian’s attitudes to privacy, privacy risks and trust in government and organisations.  The point of reference by comparison is a similar survey in 2013.  While the results are in the main consistent with 2013, there is a growing level of concern about online privacy.  This is not much different to the results of the many surveys undertaken every year about privacy and cyber security and they all highlight the fact that people do value their privacy, they worry about intrusions into their privacy and get upset and worse when their privacy is interfered with. Surveys are a crowded field, usually undertaken by firms wanting to develop a practice in the area.  For example PwC issued a Global State of Information Security  2017, Deloite released its Deloite Australian Privacy Index 2017,  Protiviti issued Managing the Crown Jewels and Other Critical Data and Pew always puts out excellent reports based on surveys with the most recent on privacy being its September 2016 report The state of privacy in post-Snowden America.

The forward by the Privacy Commissioner highlights the office’s very tentative and non committal approach to regulation.  There is no concrete indication that there will be a change to the tentative and weak enforcement policy.  The forward provides:

Thank you for taking the time to explore the findings of the 2017 Australian Community Attitudes to Privacy Survey (ACAPS).

The ACAPS is the longest-standing and most in-depth study of how Australian attitudes to privacy have evolved, having been conducted in various forms since 1990. With the extension of the Privacy Act 1988 to cover the private sector, the survey was broadened to its current scope in 2001.

In the 16 years since then, the technological, social and consumer landscape in which our personal information is used has changed dramatically. For example, in 2001 Facebook did not exist, nor did the iPhone, and biometric identity systems like touch ID were the stuff of spy fantasy.

So it’s perhaps not surprising that the latest survey shows that Australians are increasingly concerned about the privacy risks that have evolved in tandem with new technology and new ways of connecting socially.

Sixty-nine per cent of Australians say they are more concerned about their online privacy than they were five years ago. And it seems that Australians continue to experience the privacy risks that may travel with new technology; with around one-in-four regretting social media activity and a similar percentage knowing a victim of identity theft.

As Commissioner, the striking message in the 2017 survey is that while privacy is attracting concern from Australian consumers and communities, many of us are not converting that concern into using basic privacy protections that are already available to us.

For example, the survey shows the majority of us do not regularly read the privacy policies of websites we use; and that 43 per cent of us do not regularly adjust the privacy settings on our social media accounts. Around a quarter of us have rarely or never asked an organisation why they need our personal information — even though this is a basic privacy right. And 58 per cent of us don’t know that we can request access to the personal information a business or government agency holds about us.

So, while it’s encouraging to see Australians taking privacy seriously, it’s important for individuals to use this concern to take active steps to protect their personal information. This includes knowing our privacy rights and protections, and insisting that the organisations we deal with take those protections seriously.

I also encourage all Australian businesses and agencies to understand what the 2017 ACAPS report tells us about the expectations of Australian communities — and to strive to meet those expectations with a privacy-by-design approach to product, policy and service development.

My office will be exploring the ACAPS 2017 findings in depth, to inform our priorities for the coming years — and we look forward to working closely with Australian agencies and businesses to ensure that Australian communities gain increased confidence that their personal information is respected and protected.

The privacy landscape has evolved, community expectations have followed, and now our responses need to move to the next iteration.

The summary to the Privacy Commissioner’s report has no great surprises.  It provides:

Biggest privacy risks

In 2017, Australians believe the biggest privacy risks facing the community include:

  • online services, including social media sites (mentioned by 32%)
  • ID fraud and theft (19%)
  • data security breaches (17%)
  • risks to financial data (12%).

This result is largely stable compared to responses received in 2013.

The majority of Australians claim to be more concerned about the privacy of their personal information when using the internet than five years ago (69%), a consistent finding compared to the last two surveys. A new question this year revealed that more than eight in ten (83%) believe the privacy risks are greater when dealing with an organisation online compared with other means.

Personal information people are reluctant to provide

The four pieces of information that Australians are most reluctant to provide remains stable:

  • financial details (mentioned by 42%)
  • address (24%)
  • date of birth (14%)
  • phone numbers (13%).


The community was asked how trustworthy they considered 14 different types of organisations.

The highest levels of trust were recorded for:

  • health service providers (79%)
  • financial institutions (59%)
  • state and federal government departments (both 58%).

The industries with the lowest levels of trust include social media (12%) and e-commerce (19%).

Australians will avoid dealing with organisations due to privacy concerns. The difference between the percentage of people who will avoid private companies and government agencies has widened slightly.

In 2017, one in six (16%) would avoid dealing with a government agency because of privacy concerns, while six in ten (58%) would avoid dealing with a private company, a 42 point gap. By contrast, there was only a 37 point gap (23% vs 60%) in 2013.

Use of personal information

A number of new questions revealed that while nearly half of Australians (46%) are comfortable with government agencies using their personal details for research or policy-making purposes, four in ten are not comfortable (40%), and the balance are still unsure.

Further, one-third (34%) of the community is comfortable with the government sharing their personal information with other government agencies. However, only one in ten (10%) is comfortable with businesses sharing their information with other organisations.

Only one in a hundred (1%) do not mind receiving unsolicited marketing information from organisations they had not dealt with before.

Similar to 2013, the large majority are concerned about organisations sending their personal information overseas (93%).

As in 2013, only a third of Australians are likely to trade personal information for benefits:

  • 33% would trade personal information for rewards and benefits
  • 32% would do so for better customer service
  • one in five (20%) would do so for the chance to win a prize.

Activities considered a misuse of information

Australians’ views on misuse of information have remained stable. There was agreement among Australians, with nine in ten believing that the following are examples of personal information being misused:

  • an organisation that a person has not dealt with before obtains their personal information (87%)
  • personal information is revealed to other customers (87%)
  • personal information is used for a purpose other than the one it was provided for (86%).

Social networking

The proportion of people who regret putting information on a social networking site increased from 17% in 2013 to 25% in 2017.

This coincides with a slight increase in the proportion thinking social networking is mainly a public activity (from 60% in 2013 to 63% in 2017) and a slight decline in the proportion believing it is a private activity (from 32% to 28%).

Tracking and storing online behaviour

Comfort with online tracking and online data storage remains low, with only one in five (21%) feeling comfortable with targeted advertising based on their online activities, and one in six (17%) feeling comfortable with social networking companies keeping databases of information on their online actions.

Smartphones and websites collecting information about users

Over eight in ten respondents (84%) use a smartphone.

People increasingly believe smartphone apps and websites collect information about users, with three quarters now believing this is the standard practice of both apps (66%) and websites (74%).

Steps taken to protect personal information

When it comes to protecting our own personal information, things haven’t changed much since 2013. Over three in five (61%) Australians do not regularly read online privacy policies and about half do not regularly shred documents (50%), clear their browsing history (50%), or adjust their privacy settings on social media sites (43%).

Biometric data

Our comfort level with providing biometric information is generally increasing.

The proportions of people who are somewhat or very concerned about using biometric information has reduced for:

  • accessing a licensed pub, club, bar or hotel (58% concerned, down from 71% in 2013)
  • accessing a place of work or study (46% concerned, down from 55% in 2013).

The proportion of people concerned about using biometric information to do day-to-day banking (56%) or for getting on flights (43%) are unchanged since 2013.

ID fraud and theft

Over one in ten (11%) Australians said that they have previously been a victim of identity fraud or theft. The proportion of people who know someone who has been the victim of identity fraud or theft has increased. It now stands at one in four (26%, up from 17% in 2007 and 21% in 2013).

The proportion of Australians that are concerned about identity fraud or theft is similar to that in 2013, at 69%.

Credit reporting

The large majority of people know what a credit rating is (81%). Of those who are aware, around two in five (38%) have tried to obtain their credit information.

Reporting malpractice

Nearly three in ten (28%) respondents said they had a problem with the way their information had been handled in the previous year.

Just over a third of Australians (37%) know that they can request access to their personal information that is held by government agencies or businesses. Nearly six in ten Australians (58%) believe they cannot do this.

When asked, nearly half (47%) say they are aware of the Privacy Commissioner, yet only one in fifteen (7%) said that they would report misuse of information to a Privacy Commissioner. Further, nearly half (47%) were unable to nominate an agency to make such a report to, and the most likely organisation would be the police (12%).


Leave a Reply