Australian Community Attitudes to Privacy Survey released and results are consistent with overseas findings…that privacy is seen as important, there is an unease how their personal information is collected and used, there is a distrust of government and business in their attitude to privacy and data breaches are a major concern. These are hardly new findings. It is just that not much is done to fix the problems
August 13, 2023 |
The Office of the Information Commissioner has released the he Australian Community Attitudes to Privacy Survey (ACAPS) 2023 provides a comprehensive view of Australians’ privacy attitudes and experiences and how recent events have impacted them. The survey finds that Australians care about their privacy, they feel they have little control over it and are concerned how their information is handled. They want more to be done to protect their privacy. These findings reinforce findings of previous surveys in Australia. They are also consistent with the Pew Research Center’s 2019 survey of Americans with Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information in 2019.
The problem has never been that discerning Australians’ attitude to privacy. Repeated surveys show they value it and want it protected. The problems are well known as well; ineffective legislation & timid enforcement of what there is, chronic under investment in cyber security and privacy training and a lack of any right to take action for breaches. Report after report into privacy legislation has made this clear. What has been lacking is the will. Governments of both persuasions have alternated between hostility and tentativeness towards privacy reform. The result has been minimum protection.
The Government is considering the Privacy Act Review Report prepared by the Attorney General’s Department. The recommendations do not go far enough in legislating best practice privacy protections. If the Government accepted all of the recommendations the legislative structure will provide robust protections. Then it is a question of properly funding the regulator and staffing it with people who will be much more assertive in taking action against breaches. Even with greater powers provided in 2014 the Commissioner’s Office has been a timid regulator and poor litigator in the Federal Court.
The media release sets out a reasonable summary of the findings. It provides:
There has been a sharp increase in the number of Australians who feel data breaches are the biggest privacy risk they face today, according to a major survey released today by the Office of the Australian Information Commissioner (OAIC).
The Australian Community Attitudes to Privacy Survey (ACAPS) 2023 provides a comprehensive view of Australians’ privacy attitudes and experiences and how recent events have impacted them.
The survey tested attitudes on topics such as data practices, privacy legislation, data breaches, biometrics, artificial intelligence and children’s privacy.
“Our survey shows privacy is a significant concern for Australians, especially in areas that have seen recent developments like artificial intelligence and biometrics,” said Australian Information Commissioner and Privacy Commissioner Angelene Falk.
“Australians see data breaches as the biggest privacy risk today, which is not surprising with almost half of those surveyed saying they were affected by a data breach in the prior year.
“There is a strong desire for organisations to do more to advance privacy rights, including minimising the amount of information they collect, taking extra steps to protect it and deleting it when no longer required.”
Among the key themes of the survey are:
-
- Australians care about their privacy. Nine in 10 Australians have a clear understanding of why they should protect their personal information, and 62% see the protection of their personal information as a major concern in their life.
- Australians don’t feel in control of their privacy and don’t know what to do about it. Only 32% feel in control of their privacy, and half believe if they want to use a service, they have no choice but to accept what the service does with their data. Three in five care about their data privacy, but don’t know what to do about it.
- Most Australians have had a negative privacy experience. Forty-seven per cent were told by an organisation that their personal information was involved in a data breach in the year prior, and three-quarters said they experienced harm because of a data breach.
- Australians have strong feelings about certain data practices. Nine in 10 are concerned about organisations sending customers’ information overseas. Ninety?six per cent want conditions in place before artificial intelligence is used to make decisions that might affect them.
- There are high levels of distrust. Only four sectors (health, federal government, finance and education) are more trusted than not by Australians to handle their personal information. Less than half of people trust organisations to only collect the information they need, use and share information as they say they will, store information securely, give individuals access to their information and delete information when no longer needed.
- Australians want more to be done to protect privacy. Eighty?four per cent want more control and choice over the collection and use of their information. Around nine in 10 Australians would like businesses and government agencies to do more to protect their personal information.
Commissioner Falk said the survey has important signposts for organisations.
“The findings point to several areas where organisations can do more to build trust in the community,” she said.
“Not only is good privacy practice the right thing to do and what the community expects, it’s a precondition for the success of innovations that rely on personal information.”
The survey findings also show there is strong support for privacy law reform.
“We are at a pivotal moment for privacy in Australia, where we can seize the opportunity to ensure laws and practices uphold our fundamental human right to privacy,” Commissioner Falk said.
“This is an opportunity to ensure the protections the community expects are reflected in the law.
“The OAIC will use the findings to inform our ongoing input into the review of the Privacy Act and to target our activities at areas of high concern among the community.”
…………….
Key findings
-
- Three-quarters of Australians feel data breaches are one of the biggest privacy risks they face today. This has increased 13 percentage points since 2020.
- Seventy per cent of Australians place a high level of importance on their privacy when choosing a product or service. After quality and price, data privacy is the third most important factor when choosing a product or service.
- Australians trust health service providers the most and social media companies the least when it comes to the protection and use of their personal information.
- Only 42% of Australians feel most organisations they deal with are transparent about the way they use their personal information, and three in five don’t understand what organisations do with the information they collect.
- Over half of Australians consider having to share some personal information if they want to use a service fair enough. However, they generally only consider it fair and reasonable to provide their name (81%) and email address (77%) to organisations and, to a lesser extent, their phone number (68%), date of birth (62%) and physical address (61%).
- Protecting their child’s personal information is a major concern for 79% of parents. However, only half feel they are in control of their child’s data privacy. Eighty-five per cent of parents believe children must be empowered to use the internet and online services, but their data privacy must be protected.
Takeaways for individuals
-
- Know your privacy rights.
- Treat your personal information as an asset. Only share it when necessary and only with organisations and people you trust.
- Take action to protect your privacy. There are small things you can do like adjusting privacy settings and reading privacy policies to learn how your information will be used.
- Make a point of talking about privacy with your friends, family and especially children.
- Follow the OAIC on Facebook for privacy tips, news and resources.
Takeaways for organisations
-
- Go back to basics:
- Don’t collect personal information you don’t need.
- Securely store personal information.
- Delete or deidentify personal information when it is no longer needed.
- Help individuals protect their privacy and make informed choices, for example, through privacy education and being clear and transparent about how you use their information.
- Ask yourself whether the community would consider your practices to be fair and reasonable.
- If you experience a data breach, quickly take steps to prevent customers suffering harm, report the breach and notify individuals if it is likely to result in serious harm, and consider making improvements to your privacy practices.
- Make good privacy practices part of your point of difference.
- Go back to basics: