Transparency builds trust
The way an organisation responds to a data breach has changed consumers perception of privacy. It is no longer about just trusting an organisation to keep data safe and secure. It is now also about being transparent and letting consumers know of any change in how that data is used or if there is a breach.
The way an organisation responds to a data breach has changed consumers’ perception of privacy. It is no longer about just trusting an organisation to keep data safe and secure. It is now also about being transparent and letting consumers know of any change in how that data is used or if there is a breach.
As individuals become more aware of how much personal data is captured through technology and connectivity, they are increasingly wanting to know how their information is being used or disclosed.
To determine how Australia’s 104 leading consumer brands perform against privacy best practice, Deloitte surveyed more than 1,000 consumers (representing Australia’s demography). This was supplemented by website and media analysis. The inaugural Deloitte Australian Privacy Index 2015 also includes qualitative verification from the brands across 11 industry sectors.
Banking and finance sector does well
The best performing industries assessed by the inaugural index were transparent – a key indicator of trust. They also had the best governance policies and procedures, and were up to date with current regulatory change. The industries that did best in order were:
2. Banking and finance
3. Social Media
4. Health and fitness
9. Travel and transport (airlines, agencies, hotels, taxis)
10. Telecommunications (mobile, internet, phone)
11. Media (news, television, radio, entertainment)
Transparency builds trust
Of the just under 20 per cent of survey respondents notified of a breach, 34 per cent said they trusted that organisation more. In addition, 73 per cent of this cohort who received a privacy breach notification did not trust the organisation any less following the notification.
The survey also picked up a tendency towards disconnect between reality and consumer’s perception.
While social media brands were not viewed favourably by consumers, they tend to be more transparent in how they use the information they collect. While banking, finance and insurance industries are perceived positively by consumers, other industries did better in the website analysis due to the transparency of their information use and education on how they use that information.
Starting to make headway
The study reveals that organisations are beginning to put privacy governance structures in place. In addition, more than 75 per cent of responding organisations indicated they had a privacy officer role.
Over 50 per cent of these organisations have performed at least one Privacy Impact Assessment. And of these organisations, 60 per cent have performed more than five assessments.
- Government organisations were the clear leaders in privacy across all three components achieving four positions in the top 10
- Government and banking and finance organisations tended to have online policies with supporting material explaining different aspects of privacy
- Government organisation websites also had the lowest number of third party cookies
- The banking and finance sector dominated half of the top 10 in the index, with 70 per cent of organisations in the banking and finance industry assessed, appearing in the top 50 per cent of the index
- While consumer and media sentiment was low regarding social media, the social media sector performed strongly in the index due to the transparency of its online policies
- The social media industry leaves the second lowest number of third party cookies on the device of a consumer, just behind government organisations
Organisations that did well had
- Fewer third party cookies tracking consumer behaviour
- Cookies on their websites which do not stay on the consumer’s device for a long time
- A trusted brand according to consumers
- Few or no major privacy events reported in the media.
Trust, complaints and breach
Consumers were asked to indicate up to five brands and industries they trusted most and five they trusted least. We also assessed complaints received on how brands managed breaches. Some 18 per cent of consumers surveyed had received a privacy notification after a loss of personal data by an organisation. Of those, 34 per cent said they trusted that organisation more compared with 27 per cent who said they trusted them less.
- Australian consumers are most concerned about their credit card details (67 per cent), their passport number (46 per cent) and their driver licence number (43 per cent). They are also most reluctant to share these three items due to their sensitivity
- The insurance industry is trusted less with personal information than banking and finance
- Overall 67 per cent of the 1,000+ consumers surveyed have never had a privacy issue with a brand
- The remaining 33 per cent have had a privacy issue with an organisation, but only 14 percent have complained.
The new unified privacy principles, the Australian Privacy Principles (APPs), with its changes to the credit reporting provisions and new enforcement powers for the Commission introduced in March 2014 by the Office of the Australian Information Commissioner’s (OAIC), have resulted in:
- 4016 privacy complaints (a 43 per cent increase on the previous 12 months)
- 14,064 privacy inquiries
- 104 voluntary data breach notifications
- 13 privacy assessments commenced.
The Australian Privacy Commissioner, Timothy Pilgrim, noted: “Good privacy practices are good for business, particularly in building customer trust.”
The ongoing focus that the Deloitte Australian Privacy Index 2015 has highlighted and the Commissioner has determined for the forthcoming 12 months is for organisations and agencies to build a culture of privacy, and to ensure that they are proactive in meeting their compliance requirements.
This article was first published in Asia-Pacific Banking & Finance.