12 September 2017

Protecting consumers in a digital age

The ongoing threat of global cyber attacks and the continuing occurrences of identity theft makes us increasingly aware of the importance of protecting our privacy online. High profile incidents, including the worldwide cyber attack by the Wannacry ransomware in May 2017 and Yahoo’s data breaches in 2013 and 2014, have left us feeling vulnerable.

According to the latest Australian Community Attitudes to Privacy survey, 69 per cent of Australians are more concerned about their online privacy than they were five years ago – and 58 per cent would avoid dealing with a company if they were worried about the misuse of their personal information.

So protecting consumers’ privacy makes sound business sense. Trust and reputation are significant assets and once lost, are hard to re-establish.

However, consumer data is also valuable. In an age of big data analysis and artificial intelligence, it provides rich opportunities for increased revenue, as well as improved product design, customer experience and policy decisions.

Gain a better understanding of how Australians’ privacy attitudes impact their online behaviour by reading our insight paper, How Australians feel about privacy.

This is the ongoing tug of war between open data sharing, and individual control. Between convenience and security, exploitation and protection. Striking the right balance requires businesses to:

Move towards mandatory reporting
Treat privacy as much more than meeting regulatory requirements

Moving towards mandatory reporting

Australians may soon be even more aware of security breaches, when the Data Breach notification legislation comes into effect in February 2018.

Public and private sector organisations governed by the Privacy Act will need systems in place to ensure they are aware of data breaches, and act on them promptly if the breach is likely to result in serious harm to the individuals involved.

They will need to notify any affected customers who are likely to be at risk of serious harm as soon as a breach is detected and then also report the incident to the Privacy Commissioner.

The transparency of the legislation will ensure information security is taken seriously. However, it will also require some judgment as to what amounts to a serious data breach.

NAB’s Acting Chief Privacy Officer, Saara Mistry, who spoke at a privacy awareness event hosted by Australia Post, said this comes down to “putting ourselves in our customers’ shoes, and asking what the consequences would be for them in a particular incident.”

But Telstra’s Chief Privacy and Compliance Officer, Jason Holandsjo, who spoke at the same event, noted that the new legislation is simply a “floor of obligations for all enterprises. If you’re a truly customer-centric organisation, you would already have a process in place if something does go wrong.”

Privacy is much more than meeting regulatory requirements

Embedding privacy as part of an organisation’s culture is key to earning and keeping the trust of consumers. By applying privacy principles through every decision stage – from product development and marketing to legal and human resources – you can create a framework where security is part the DNA.

Capturing data

At a minimum, organisations need clear opt in and opt out procedures. Consent needs to be informed – which means being transparent about what data is being collected, what it will be used for, who it will be shared with, and what rights the consumer has to their data.

In short, organisations should only request the information they need for a specific purpose – not what they want. Reducing the amount of data collected also reduces the risk of disclosing it inappropriately.

Storing data

Privacy needs to be a preventative measure. If organisations wait for a breach to identify vulnerabilities, it’s too late. At the very least, virus and malware solutions need to be up to date, and a data retention procedure should be in place for securely destroying data when it is no longer needed or when consent is removed.

Sharing data

Although governments and businesses want to link and match data sets from third party sources to develop a richer understanding of our profiles and behaviour, consumers are still wary. The Australian Community Attitudes to Privacy survey found that although a third of Australians are comfortable with the government sharing their personal information with other government agencies, just 10 per cent are happy for businesses to do the same.

Strict security measures, such as encryption and protected ‘need to know’ access to third party data, can improve confidence in the way information is protected. But organisations also need to be completely transparent, and provide both choice and control.

This means privacy agreements need to clearly and succinctly answer questions such as:

Why is the data being collected and by who?
Who else will have access to it? Will it be sold on?
How will it be stored, transmitted and accessed?
Will it travel across jurisdiction boundaries?
Can law enforcement agencies or pubic authorities access it under specific circumstances?
How can I opt out or have the data removed?

As devices become increasingly embedded in our everyday activities, and technology enables rapid and scalable attacks, meeting the different needs of both organisations and individuals will be increasingly complex.

We need to think beyond box-ticking compliance when it comes to privacy. And by making information security principles part of an organisation’s culture, it is possible to put consumer safeguards in place without limiting the potential and value of using their data.

A single digital identity could unlock billions in economic opportunity

To find out more about our research into digital identity, read our white paper: A frictionless future for identity management.

Read white paper

Subscribe to our Building Business newsletter

Read engaging business stories, discover new ideas, and learn about great offers in our monthly business newsletter.

Inclusive service delivery

Supply chain capability

Disaster support and recovery

Election and referendum communications

Employee screening

Identity services

In-person identity checks

Photo & signature capture

Financial transactions and payments

Mail products and services

Information management

Decipha

Document imaging & management

Secure document collection & delivery

Data insights

Digitising services

The value of mail digitisation in a pandemic and beyond

A better read on the future of libraries

Finding the right channel mix for inclusive government service delivery

The future of identity services lies in choice, control and security

How blockchain will change your business

Australia Post’s agile approach to digital transformation

The Consumer Conundrum

Unlocking up to $11 billion of opportunity

Digital ID in new economy

World without borders

Relationship between trust and identity

Fuelling Uber’s expansion into regional Australia

Connecting our communities to services

eVoting: The Global Digital Democracy

Is Australia ready for eVoting?

How new technology can help solve the eVoting challenge

How regulation and technology are shaping the future of privacy and security

The 5 privacy trends impacting organisations today

How digital identity could resolve the privacy paradox

Protecting consumers in a digital age

Transforming our payments services to support Australian businesses

What Apple’s Face ID means for Australia Post’s Digital iD™

How an emerging cashless society is changing payments in Australia

Alipay unlocking eCommerce growth in Australia

Biometrics is changing identity and financial services in Australia

Opening up the barcode

Global insights into digital licensing

Rethinking the real purpose of digital licensing

The innovators of the digital economy

Australia’s cardless future

Next wave of tech in Australia’s digital economy

Why speed is the least interesting feature of the NPP

How organisations big and small can step up cyber security

Digital iD partnerships encourage online choice and confidence

ID verification made even easier

The top business strategy driving supply chain leaders

Understanding customers

How to be truly customer centric

Solve customer problems by asking them

Disrupt, develop, deliver: Big lessons from small business

Why Digital Inclusion can take Australia forward

Better together: 5 surprising insights into marketing channel relationships

The merit of methodology in digital co-creation

Using machine learning to shape the customer experience

Balancing the convenience and privacy trade-off

Five practical ways governments can drive digital inclusion in Australia

What’s holding customers back from using your online services?

The three drivers of online behaviour among Australians

Challenging the myths of online behaviour in Australia

The myths and misconceptions of Australians’ online behaviour

Digital identity and eKYC

Designing a digital experience for Generation Z

Southeast Asia shaping global eCommerce and payment trends

Customer experience in the digital economy

The digital economy is changing fast

Australian businesses pursuing cross-border eCommerce in China

Direct mail in a digital world

Why mail remains at the heart of Australia's election campaigns

The rise of fraud in times of disruption

In difficult times, human connection matters

Serving with empathy, reliability and responsiveness

Remaining ahead of changing customer expectations

Preparing for peaks and surges in online shopping Large Online Retailer

Supporting the Australian community this holiday season