Deloitte launches inaugural Australian Privacy Index
- Transparency builds trust
- Government and banking & finance organisations performed best overall
- Technology followed by social media have the best online policies and education
- Culture is key to ensuring the best privacy governance structures are in place
4 May 2015: The way an organisation responds to a data breach has changed consumers’ perception of privacy, from one of simply trusting an organisation to keep data safe and secure, to one of being transparent, and letting the consumer know of any change in data use or a data breach.
Lead Partner, Deloitte Cyber Risk Services Tommy Viljoen said: “As individuals become more aware of how much personal data is captured through technology and connectivity, we are becoming increasingly sensitive as to how our information is being used and disclosed.”
To determine how Australia’s 104 leading consumer brands perform against privacy best practice, Deloitte surveyed more than 1000 consumers (selected to represent Australia’s demography). Supplemented by website and media analysis, the Privacy Index also includes qualitative verification from the brands across 11 industry sectors.
In this national Privacy Awareness Week (3-9 May) the Australian Privacy Commissioner Timothy Pilgrim is vocal about the importance of privacy governance. He measures the maturity of an organisation’s governance and leadership by the importance it places on privacy.
The national theme for the 2015 Privacy Awareness Week is Privacy everyday. Privacy should be an essential component of everyday life, including transactions such as internet banking, social media and online shopping. The theme emphasises the need for organisations to embed privacy practices into business as usual processes, and for individuals and the community to think about how to protect privacy in their everyday lives.
Deloitte Australian Privacy Index 2015 overall sector ranking
The best performing industries assessed by the inaugural Deloitte Privacy Index were transparent – a key indicator of trust. They also had the best governance policies and procedures, and were up to date with current regulatory change.
- Banking & Finance
- Social Media
- Health & Fitness
- Travel & Transport (airlines, agencies, hotels, taxis)
- Telecommunications (mobile, internet, phone)
- Media (news, television, radio, entertainment).
Source: Deloitte Australian Privacy Index 2015
- Government organisations were the clear leaders in privacy across all three components achieving four positions in the top ten.
- Government and banking & finance organisations tended to have online policies with supporting material explaining different aspects of privacy.
- Government organisation websites also had the lowest number of third party cookies.
- The banking & finance sector dominated half of the top ten in the Index, with 70% of organisations in the banking & finance industry assessed, appearing in the top 50% of the Index.
- While consumer and media sentiment was low regarding social media, the social media sector performed strongly in the Index due to the transparency of its online policies. It leaves the second lowest number of third party cookies on the device of a consumer, just behind Government organisations.
Organisations that did well have:
- fewer third party cookies tracking consumer behaviour
- cookies on their website which do not stay on the consumer’s device for a long time
- a trusted brand according to consumers
- few or no major privacy events reported in the media.
Trust, complaints and breach
The more than 1000 consumers surveyed were asked to indicate up to five brands and industries they trusted most and five they trusted least. Deloitte also assessed complaints received as well as how the brands managed breaches. Some18% of consumers surveyed had received a privacy notification after a loss of personal data by an organisation. Of those, 34% said they trusted that organisation more compared with 27% who said they trusted them less.
- Australian consumers are most concerned about their credit card details (67%), their passport number (46%), and their driver licence number (43%). They are also most reluctant to share these three items due to their sensitivity.
- Banking & finance and government are the top two most trusted industries when it comes to safeguarding personal information
- The insurance industry is trusted less with personal information than banking & finance
- Overall 67% of the 1000+ consumers surveyed have never had a privacy issue with a brand
- The remaining 33% have had a privacy issue with an organisation, but only 14% have complained
- Social media and the telecommunications sectors accounted for 58% of the complaints regarding privacy.
- Social media had 32% of the complaints and 28% of people listed the same social media organisation as the organisation they trusted the least with their personal information
The Office of the Australian Information Commissioner’s (OAIC) focus over the past year has been on has been on developing guidance and working with organisations and agencies to ensure compliance with the significant changes introduced in March 2014. These were a new set of unified privacy principles, the Australian Privacy Principles (APPs), with changes to the credit reporting provisions and new enforcement powers for the Commissioner.
The changes have meant that the OAIC has:
- received 4016 privacy complaints (a 43% increase on the previous 12 months)
- received 14,064 privacy enquiries
- received 104 voluntary data breach notifications
- commenced 13 privacy assessments
The Australian Privacy Commissioner, Mr Timothy Pilgrim has said that ‘good privacy practices are good for business, particularly in building customer trust’.
Viljoen said: “The average cost of a data breach per Australian organisation is more than *$2.5 million per year …and rising, with the average breach involving more than *20,000 records in Australia over the five years to 2014.”
The ongoing focus that the Deloitte Australian Privacy Index has highlighted and the Commissioner has determined for the forthcoming twelve months is for organisations and agencies to build a culture of privacy, and to ensure that organisations and agencies are proactive in meeting their compliance requirements.
Gavin Cartwright, Cyber Risk Services Director and a key author of the inaugural Deloitte Australian Privacy Index, said culture was absolutely critical. He used the Voltaire quote, also popularised by the recent Spiderman movie hit, to stress the point that: ‘With great power comes great responsibility.’ He said: ‘The Power’ today comes from the volume of personal information being gleaned by organisations from users both directly and indirectly. And ‘The Responsibility’ is an increased need and expectation from Australian consumers for transparency, security, ethical use and overall governance.
“It is critical that as organisations derive benefit from personal information, the consumer is kept informed about the use and any changes to their data,” Cartwright said.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/au/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.
Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte has in the region of 200,000 professionals, all committed to becoming the standard of excellence.
About Deloitte Australia
In Australia, the member firm is the Australian partnership of Deloitte Touche Tohmatsu. As one of Australia’s leading professional services firms, and winner of both the Australian Financial Review/CFO Audit Firm of the Year and Accounting Firm of the Year awards 2013, Deloitte Touche Tohmatsu and its affiliates provide audit, tax, consulting, and financial advisory services through approximately 6,000 people across the country. Focused on the creation of value and growth, and known as an employer of choice for innovative human resources programs, we are dedicated to helping our clients and our people excel. Formore information, please visit Deloitte’s web site at www.deloitte.com.au.
Liability limited by a scheme approved under Professional Standards Legislation.
Member of Deloitte Touche Tohmatsu Limited
© 2015 Deloitte Touche Tohmatsu