Privacy in your hands: but who owns the responsibility?

The Deloitte Australian Privacy Index 2016 and Australia Privacy Awareness Week both focus on whose responsibility it is to keep personal data safe. And they both talk to the ‘magic’ ingredient, the X factor for doing so, “Trust”.

Privacy Awareness Week 2016 is directly themed – Privacy in your hands – promoting the message that organisations, agencies and individuals must be vigilant when it comes to handling personal information.

In the trinity of the individual, the organisation, and enforcement agencies (and we must also be mindful of the expanded organisational privacy footprint that has to include third party providers,) it is useful to look at how the responsibility for protecting privacy breaks down, and the shadow it casts when it does so – the deep shadow of a trust broken.

What do consumers want and need?

In a world where data breaches and identity theft are everyday occurrences, an increasingly sophisticated consumer is acutely aware of danger and is concerned as to how their data is being stored and used. Customers want to be informed. They are also becoming more aware of their rights under the law as to how their data is accessed and used. Consumers are expecting organisations to take their information seriously, to keep them informed and to treat their precious data with respect.

In a 1000-strong consumer survey of Australia’s top 116 brands that helps to comprise the annual Deloitte Australian Privacy Index, the most telling finding was that 94% of those surveyed believe that trust is more important than ease of use of a website, app or device.

The challenge for organisations

So the challenge for organisations in this environment becomes not just keeping up with legislative requirements, but also keeping up with the expectations of their consumers. And what consumers want is for organisations to make it as easy and transparent as possible for them to be informed about what the organisation they trust with their data is doing with it.

In the Privacy Index, as well as accounting for consumers’ expectations and perceptions through the survey, we looked at how organisations, through their websites and their mobile apps, live up to consumer expectations around privacy and meet best practice around cookies, privacy policy and security protocols.

By combining the survey, the website analysis and mobile app review, organisations that ranked highly in the Privacy Index shared the following characteristics. They:

  • communicated to the individual when they took actions on a mobile device
  • implemented security protocols on their website when capturing personal information
  • have cookies with a shorter expiry timeframe
  • were a trusted brand by their customers

Privacy and trust


Trust without borders

The areas that the Privacy Commissioner announced his office will focus on in the coming year include guidance on big data, de-identification and the Internet of Things. The intent is to help businesses and the wider community take privacy in their hands. The Office of the Australian Information Commissioner  will also undertake privacy assessments into consumer loyalty programs.

The reality is that privacy and trust has no borders.

As the Privacy Commissioner said: “Privacy is an international conversation, particularly as information flows have become more complex, traversing national borders and established regulatory jurisdictions.”

This means how organisations handle customers’ data both in Australia and overseas, will be subject to different and often even more stringent privacy laws.

The web is truly a complex global matrix

Until now the majority of Australian organisations have only had to consider local privacy laws, however jurisdictions such as the EU through new legislation, will be imposing an expectation to care for the privacy of citizens globally. This will impact all organisations in all jurisdictions including those based in Australia with Australian customers.

In addition, there are more subtle borders, such as those within and between organisations and their subsidiaries and third parties.

These complex information flows, together with varying global requirements need to be carefully monitored.

How organisations manage, protect and share data will definitely inform the expectations that consumers have. It will either build or destroy their trust and confidence in the organisations they entrust with their information.

So the opportunities that come with the ability to mine big data and gain access to deeper insights about consumers must be balanced with respect for privacy to maintain and build trust, as well as to safeguard consumers’ data, no matter where they are.

So who is responsible for protecting privacy?

The answer is that all players – agencies, consumers, organisations, and third parties – are all responsible for protecting privacy. But more than ever, privacy is inextricably linked with trust.

So if we ask the question: who suffers the biggest impact from privacy being mishandled or breached? Our answer is almost always the organisation. If privacy is mishandled then organisations will lose their consumers’ trust as well as the trust of the authorities.

Therefore being aware of how central privacy is to maintaining your consumers trust and loyalty is critical for organisations. Including privacy protection as an essential part of business planning and risk management, must therefore become paramount.

And as we know trust is extremely difficult to regain, once lost. Let’s not lose it!

Want to stay up-to-date?

Stay on trend and in the know when you sign up for our latest content