Published on the 11/05/2016 | Written by Beverley Head
The big bad bogeyman that is mandated data breach notification won’t be that big or bad after all…
The second Deloitte Australian Privacy Index reveals that 71 per cent of consumers do not trust an organisation any less after being notified of a data breach. So the fact that a breach notification bill is slated to be introduced to Parliament following the July election should not overly concern Australian enterprises.
Deloitte partner Tommy Viljoen said that there had been a “lot of resistance” to data breach notification a couple of years ago but that this had ebbed away. Marta Ganko, client manager in cyber risk services for Deloitte, however noted that there was still “angst” among some businesses about the organisational aspects of the proposed legislation. This is what will exercise CIOs when the legislation is finally introduced; what systems are in place to first identify, then to determine the seriousness of, a breach? And what processes and systems will be required to ensure affected individuals are notified?
The survey, which is a composite of a 1,000 consumer survey, a mobile app and website investigation, and a survey of 116 of the leading brands operating in Australia provides interesting insight into consumer attitudes to privacy and the way their personal data is used, and abused.
A possible wakeup call for some companies is the fact that 94 percent of consumers rate trust as more important than ease of use of a website, app or device. While the survey is brand anonymous, banks and financial services, and government agencies hold the top 16 “trust” slots on the index -with an unnamed technology company entering the ladder at number 17.
Viljoen said that the privacy regime in Australia was not as strict as that in the European Union or some US states. It was instead “more balanced” – leaving organisations to tackle privacy issues based on a risk analysis.
That said, he acknowledged that the survey revealed a “direct correlation between regulation and the trust in those brands”. The less regulated the sector the lower the level of trust, according to the survey.
The “wriggle room” still available to Australian enterprises meant that “cowboy behaviour is possible at the lower end of the market,” said Viljoen.
It was why the four year stay of execution granted for the Office of the Australian Information Commissioner (OAIC) in this month’s budget was so important he said.
“It’s absolutely essential because not every organisation is going to do the right thing,”
Although plans were afoot to wind up the OAIC, last week’s budget confirmed that the office would receive ongoing funding of $37 million over four years to continue both its privacy and freedom of information functions.
