Learn why GetApp is free

How can Aussie SMEs build digital trust with a privacy policy?

Published on 09/05/2023 by Andrew Blair

Digital trust enables organisations and individuals to participate confidently in the connected world, knowing their information is secure. However, organisations may need to go beyond the implementation of security measures to gain digital trust. We find out how privacy concerns affect digital trust and how effective a privacy policy can be. 

Securing digital trust with a transparent privacy policy

The Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 is the most recent amendment to Australia’s Privacy Act 1988. It introduces targeted measures to enhance the Office of the Australian Information Commissioner’s (OAIC) ability to regulate organisations and increased penalties for serious and repeated privacy breaches.

However, despite legislation and security efforts, recent data breaches in Australia continue to alert consumers to the risks associated with the storage of their data. Are consumers still concerned about unauthorised access to their personal information, and how does it affect their trust? Can organisations gain digital trust by providing a clear and concise privacy policy that informs consumers how they collect, manage, and share access to sensitive information?  

GetApp surveyed 991 Australians to evaluate their data privacy concerns and what practices affect their trust. In this first article of a two-part series, we look at how important a privacy policy is for Australian online consumers and whether a transparent privacy statement can reassure potential customers. Furthermore, we find out the implications of a data breach and the mismanagement of personal information. All survey-takers had carried out an online transaction that involved sharing personal information with a company online in the past year. You can find the full methodology at the bottom of this article. 

The importance of a privacy policy in Australia 

Any organisation or agency the Privacy Act covers in Australia must have a privacy policy. Although the Privacy Act does not currently cover most companies with an annual turnover of less than $3 million, some small businesses have obligations to comply with the law; for example, if they process personal information for a benefit or collect health information. Legal requirements for data privacy will also vary depending on the country where Australian companies wish to operate. According to OAIC guidelines, a business with European customers, for example, may need to comply with the general data protection regulation (GDPR).

Usually, when consumers transact with a company online, they are required to share some personal information. Unsurprisingly, nearly three-quarters (73%) of respondents are protective of their information saying data privacy is ‘very important’, and another quarter (25%) said it was ‘somewhat important’. 

Single statistic highlighting the importance of data privacy

A privacy statement can be used to inform online visitors that data privacy is equally important for the company holding personal information as it is to their customers. An overwhelming majority of respondents (92%) agree that how a company treats their personal information reflects how they are treated as customers. Therefore, SMEs looking to build credibility and trust must treat their customers' information respectfully. It is also vital for this information to be communicated as transparently as possible to sway the privacy-focused consumer.

What information should SMEs include in a privacy statement?

According to the OAIC, any organisation or agency that the Privacy Act covers must include the following information in their privacy statement:

  • The organisation’s name and contact details
  • The type of information that is collected and stored
  • The reasons why personal information is collected, held, used, or disclosed
  • How personal information is collected and securely stored
  • How an individual may access and correct any information that is held, including the ability to unsubscribe from any email list
  • How an individual may complain about a breach of the Australian Privacy Principles (APPs) and how their complaint will be handled
  • Whether personal information is disclosed to third parties and to which countries

46% of Aussies think that companies’ data privacy policies are unclear

A privacy policy is a statement outlining the organisation’s privacy practices and should clearly explain how that organisation or agency manages personal information. A combined 43% of respondents frequently read a company’s data policy before purchasing a service or product online: 27% say they often read it and 16% told us they always read it. Only 17% never read these statements. This indicates a high probability that a significant percentage of online consumers will pay attention to a company’s privacy statement, and so businesses should ensure it is clear and comprehensive. 

When we asked respondents if they think companies’ privacy policies are clear, a combined 46% said they are either not easy to understand (32%) or misleading (14%). In contrast, only 26% of respondents thought that companies’ privacy policies are clear and understandable. 

The consequences of an unclear privacy policy can have significant negative effects on a business. Not only can a lack of clarity generate distrust but, according to our survey results, it may also cause existing customers to consider taking their business elsewhere. As the majority of respondents think companies’ privacy policies are unclear, this highlights a potential opportunity for businesses to stand out from the competition, or even win over new customers, by developing easy-to-read policies for customers. 

Single statistic highlighting respondents that would consider switching brands due to unclear data privacy policies

Furthermore, 61% of respondents think companies are only somewhat transparent about how they use their data, by only partially explaining how they use their personal information. Just over a quarter of respondents (26%) think companies are not transparent at all, whereas only 14% think companies are very transparent about how they use their data by always explaining how they use their personal information. 

A lack of transparency can make consumers reluctant to share their personal details, so we looked further into who customers are most comfortable sharing this information with and which industries they think are more trustworthy with data protection.

51% would not share personal data with companies they do not trust

When we asked survey-takers how much trust they need to have in a company before they feel comfortable sharing their personal information with them, just over half (51%) said they need a lot of trust and wouldn’t share any of their personal data with a company they didn’t trust. 43% said it depends if they would benefit from sharing personal details, and only 6% said they don’t need trust to share this information. The following graph depicts which industries respondents trust the least with data protection.  

Bar graph showing the least trusted sectors with data protection

Advertising and marketing was the sector more frequently cited as untrustworthy by respondents, with 43% saying they do not trust this industry with data protection. This could be related to the use of customer information collected via cookies for targeted advertising, as these ads may make some consumers feel like companies are trolling them online. Surprisingly, over half of the respondents (55%) are neutral about trusting companies that collect personal information with the help of cookies for commercial use, such as transferring their data to third parties or creating personality profiles. However, nearly a quarter (24%) said they don’t trust companies who collect their data for commercial purposes.

How to gain consumer trust when collecting data with cookies

Cookie consent can lead to multiple benefits for both consumers and organisations, such as providing useful recommendations for partner products. If data collected through cookies can identify an individual, it may need to comply with the rules in the Privacy Act. The use of compliance software can ensure full disclosure of data collection and its handling to consumers. Additionally, organisations can educate consumers that opting out of cookies won’t remove advertising from web pages they visit. However, it will mean that the advertising won't be related to their interests.

Online consumers are more comfortable sharing personal information with customer service than with chatbots

When we looked into how comfortable respondents felt sharing their personal data with a company in different situations, we found that most survey-takers favour human interaction in comparison to interacting with programmed applications. 67% of respondents are comfortable sharing personal information when interacting with customer service compared to 29% that are comfortable sharing this information when interacting with pop-ups or notifications. 

Chatbots vs live chat

Although our survey indicates that consumers are generally more comfortable sharing personal data with a human agent, chatbot software can save customer service teams time by answering repetitive questions via automated responses. These tools can also improve the customer experience by reducing wait times for a response that can be found in a frequently asked section. 

However, for the privacy-focused consumer, live chat software can help bridge the gap between chatbots and the discomfort experienced by customers when asked for personal information. It can be integrated into a website or used as a widget to offer customer support. This software solution may give consumers more confidence that their personal data is being handled appropriately by allowing them to speak with a customer service agent. 

Stacked bar graph showing who consumers are most comfortable sharing personal information with

69% of Aussies have encountered a scam situation online 

According to Scamwatch, Australians lost $3.1 billion to scams in 2022 —an 80% increase compared to the previous year. Consumers have every right to be cautious about who they share their personal information with or find certain sectors to be untrustworthy as result. The rising number of online scams is also evident in our survey field as the majority of respondents (69%) have been a victim of either online fraud, online scams, stolen credit information, or a form of personal information exposure on the internet. 

Bar graph showing consumers who have encountered a scam situation online

The majority of respondents (38%) that have encountered a scam situation online said it was because they received a suspicious email. E-mail-phishing is a common origin of many scams, where online criminals entice consumers to click on links by posing as what may seem like legitimate or familiar companies but with the intent of harvesting more data such as passwords or other personal information. Another 28% of respondents said they were scammed when buying something on social media.

Keep personal information secure

Scammers are getting smarter by taking advantage of new technologies, new products and services, and major events to formulate believable stories to catch consumers off guard.  Organisations are no exception, but they can inform their customers about receiving suspicious correspondence that may pose as official communication. Businesses can offer customers extra security measures, such as through the use of multi-factor authentication (MFA) software, where customers are required to provide two or more forms of identification to access digital resources. This extra layer of protection can give consumers more confidence that a company is taking measures to secure their data. 

Data breaches and compromised customer information, such as emails, have a negative effect on consumer trust. Over half the respondents (56%) are most concerned about the possibility of a data breach resulting in financial fraud, and a further 19% are concerned about an invasion of their privacy, such as access to their photos and messages. 

Prepare a data breach response plan

Businesses should prepare a response plan to ensure they can respond quickly and appropriately in the event of a data breach, following the required steps outlined by the OAIC. An internal response plan can minimise the impact on the company’s customers and its reputation. Furthermore, the use of reputation management software can help organisations keep on top of what is being said about them on blogs, social networks, and the media.

The repercussions of a data breach could be severe, and companies risk losing consumer trust and business. 41% of respondents said they would definitely stop doing business with or buying from a company that is a victim of a data breach, while a further 31% would only stop doing business with them in the online environment. More than half of survey-takers said they would even consider taking legal action against the company, and a further 13% have already done so.

Two statistics highlighting consumers that would consider taking legal action against a company for a data breach

Data mismanagement is a deal-breaker for online consumers

As we have seen, customers generally feel apprehensive about sharing their data with companies. In fact, 85% of respondents agree they are nervous about sharing personal information online. Additionally, most respondents (71%) think companies collect too much data and dislike this situation.  

However, a privacy policy plays an effective role in informing consumers of the use and protection of their information. The more concise and clear the privacy policy, the better it is for consumer trust. Companies must show customers they respect their data privacy and ensure full transparency regarding how they treat personal information to maintain a good reputation for data management. Almost half (49%) of respondents say they have stopped buying from a company that had a problem with protecting customers’ personal information. In the next part of this two-part series, we will find out the best privacy practices consumers expect from companies. 

Looking for data privacy management software? Check out our catalogue! 


To collect this data, GetApp interviewed 991 Australians online in March 2023. The candidates had to fulfil the following criteria:

  • Australian resident
  • Above the age of 18
  • Must have completed at least one of the following actions in the past 12 months:
    • Purchased a product or service online 
    • Contracted or hired services from an online platform 
    • Used an application to make a purchase or hire a service
    • Created or used an account in their name on a social network
    • Used online banking

NOTE: This document, while intended to inform our clients about the current data privacy and security challenges experienced by companies in the global marketplace, is in no way intended to provide legal advice or to endorse a specific course of action. For advice on your specific situation, consult your legal counsel.

This article may refer to products, programs or services that are not available in your country, or that may be restricted under the laws or regulations of your country. We suggest that you consult the software provider directly for information regarding product availability and compliance with local laws.

About the author

Andrew is a Content Analyst for GetApp, giving SMEs insights into tech, software and business trends. Interest in entrepreneurship, furthering projects and startups.

Andrew is a Content Analyst for GetApp, giving SMEs insights into tech, software and business trends. Interest in entrepreneurship, furthering projects and startups.