Published on the 20/07/2017 | Written by Jonathan Cotton
With continual high-profile data breaches, people are rightfully selective about info sharing...
According to the 2017 Unisys Security Index, Australians and Kiwis may be willing to use IoT conveniences where they see a compelling enough reason (such as personal safety and medical emergencies) but are gravely concerned about the privacy and data security implications.
The report said the vast majority of Australians, 82 percent, and New Zealanders, 84 percent support using their phone or smartwatch to alert police to their location during emergencies, yet only 35 percent (NZ: 31 percent) support police being able to monitor fitness tracker data anytime to determine their location at a certain time.
Similarly, less than one in three people support using a smartwatch app to make payments (29 percent/NZ: 27 percent), or a health insurer accessing fitness tracker data to determine a premium or reward customers for good behaviour (26 percent/NZ 20 percent).
And it’s little wonder. Both the private and public sector in Australia has been slow to meet basic security expectations. Only this year did the federal Government pass mandatory computer security breach reporting laws (a full fifteen years after California became the first to do so), and as high profile breaches continue to embarrass data collectors, public and private alike, the cautious attitude among consumers is understandable.
In New Zealand those laws don’t even exist yet, with changes caught up in a review of the Privacy Act with reporting breaches of personal data as first proposed in 2014 still not implemented.
A case in point is the nearly 20,000 Australians caught up in the Bupa data breach last week.
Bupa, an international private insurer, admitted Friday that an unauthorised employee had “inappropriately copied and removed some customer information” including names, dates of birth, nationalities, and some contact and administrative details including Bupa insurance membership numbers”.
Subsequently the stolen data was made available to “other parties”.
The breach was not a cyber-attack nor external data breach the company said, rather a “deliberate act by an employee”.
“We are contacting those customers who are affected to apologise and advise them, as we believe the information has been made available to other parties.”
Globally, more than 540,000 people have been affected, with around 19,595 being Australian customers.
As IoT becomes more pervasive (connected devices are expected to balloon to 30.7 billion in 2020), finding a balance between service and security is front of minds for customers and service providers alike. For example, in the above report, data security is the biggest reported barrier to customer supporting a smartwatch payment app.
“To address consumer concern around data security of smartwatch payment channels, banks need a multi-pronged approach that spans technology and policies to secure the data, as well as reassuring customers by communicating the steps taken by the bank to protect them – a fine line in delivering a frictionless customer experience whilst making sure they are secure,” said Richard Parker, vice president financial services, Unisys Asia Pacific.
The majority of Australians and New Zealanders do not support data analytics being used to sell goods and services to them. Sixty-two percent (NZ 64 percent) do not support banks monitoring individual customer spending behaviour to offer related products such as insurance for items they have purchased.
“Ironically, while [companies] may be trying to improve the customer experience, if businesses cross the line and appear to invade their privacy by revealing that they know more about them than what the customer has knowingly shared, it just turns the customer off,” said Parker.
“Technology alone is not enough; it must be used in the context of understanding human nature and cultural norms.”