Today our Australian IPT team attended the ‘Industry Debrief: Mapping the community’s privacy expectations’ presented by the Australian Information and Privacy Commissioner, Timothy Pilgrim, and Principal from The Wallis Group, Jayne Van Souwe.

We heard some of the key issues raised by the 2017 Australian Community Attitudes to Privacy Survey and part of the Office of the Australian Information Commissioner’s (OAIC) plan to address rising privacy concerns in Australia. It was also notable that the survey confirmed many Australians as being comfortable with and welcoming the new mandatory data breach notification rules due to come into effect in early 2018.

Survey findings:

  • 83% of all Australians viewed online interactions are inherently more risky in privacy terms (although many privacy breaches that the OAIC currently handle are offline and low tech).
  • 25% never ask why their personal information is being collected.
  • 9 in 10 Australians are concerned about personal information being transferred overseas and confirm they do not like it.
  • 79% are uncomfortable with sharing their data in a commercial sector.
  • Young Australians under 35 are the most likely to exchange data for benefit.
  • The health sector continues to be regarded as the most trustworthy, with financial institutions and government sector following closely behind.

Some notable key points:

  • there is a considerable gap between privacy concern and actions of all Australians;
  • consumer’s decision making relies on existing goodwill and trust in an organisation over detailed policies – for example, many Australians are not likely to read a long and complex privacy policy; OAIC confirming that simplifying privacy policies will be a core focus; and
  • there is significant personal responsibility in personal information protection. Everyone has a role to play.

The Commissioner, Mr. Pilgrim, highlighted some actions the OAIC has recently undertaken and some currently in progress, including:

  • working with CSIRO to develop tools to assist with de-identification of data and information – the OAIC posing the question “Can you really de-identify personal information?”;
  • preparing the OAIC response to the Productivity Commission report on Data Availability and Use that was released last week;
  • working with the Prime Minister’s public data groups to establish how data can be used for “good purposes” and how to avoid the impact on individuals – in line with a trend towards open and effective use of data;
  • exploring the social / economic use of personal information – a possible social licence for innovative data use, including options of notice and consent;
  • their recently published guide to “personal information” on the OAIC website;
  • the final Australian businesses and the EU General Data Protection Regulation guidance is to be released within the coming weeks. See the draft resource here – according to the Privacy Commissioner, the GDPR is “extraordinarily important” to Australian businesses; and
  • educating Australians about the Right of Access to personal information, indicating a potential focus point on data subject access right here also.