How can Aussie SMEs build digital trust with a privacy policy?

Digital trust enables organisations and individuals to participate confidently in the connected world, knowing their information is secure. However, organisations may need to go beyond the implementation of security measures to gain digital trust. We find out how privacy concerns affect digital trust and how effective a privacy policy can be. 

The Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 is the most recent amendment to Australia’s Privacy Act 1988. It introduces targeted measures to enhance the Office of the Australian Information Commissioner’s (OAIC) ability to regulate organisations and increased penalties for serious and repeated privacy breaches.

However, despite legislation and security efforts, recent data breaches in Australia continue to alert consumers to the risks associated with the storage of their data. Are consumers still concerned about unauthorised access to their personal information, and how does it affect their trust? Can organisations gain digital trust by providing a clear and concise privacy policy that informs consumers how they collect, manage, and share access to sensitive information?  

GetApp surveyed 991 Australians to evaluate their data privacy concerns and what practices affect their trust. In this first article of a two-part series, we look at how important a privacy policy is for Australian online consumers and whether a transparent privacy statement can reassure potential customers. Furthermore, we find out the implications of a data breach and the mismanagement of personal information. All survey-takers had carried out an online transaction that involved sharing personal information with a company online in the past year. You can find the full methodology at the bottom of this article. 

The importance of a privacy policy in Australia 

Any organisation or agency the Privacy Act covers in Australia must have a privacy policy. Although the Privacy Act does not currently cover most companies with an annual turnover of less than $3 million, some small businesses have obligations to comply with the law; for example, if they process personal information for a benefit or collect health information. Legal requirements for data privacy will also vary depending on the country where Australian companies wish to operate. According to OAIC guidelines, a business with European customers, for example, may need to comply with the general data protection regulation (GDPR).

Usually, when consumers transact with a company online, they are required to share some personal information. Unsurprisingly, nearly three-quarters (73%) of respondents are protective of their information saying data privacy is ‘very important’, and another quarter (25%) said it was ‘somewhat important’. 

A privacy statement can be used to inform online visitors that data privacy is equally important for the company holding personal information as it is to their customers. An overwhelming majority of respondents (92%) agree that how a company treats their personal information reflects how they are treated as customers. Therefore, SMEs looking to build credibility and trust must treat their customers' information respectfully. It is also vital for this information to be communicated as transparently as possible to sway the privacy-focused consumer.

46% of Aussies think that companies’ data privacy policies are unclear

A privacy policy is a statement outlining the organisation’s privacy practices and should clearly explain how that organisation or agency manages personal information. A combined 43% of respondents frequently read a company’s data policy before purchasing a service or product online: 27% say they often read it and 16% told us they always read it. Only 17% never read these statements. This indicates a high probability that a significant percentage of online consumers will pay attention to a company’s privacy statement, and so businesses should ensure it is clear and comprehensive. 

When we asked respondents if they think companies’ privacy policies are clear, a combined 46% said they are either not easy to understand (32%) or misleading (14%). In contrast, only 26% of respondents thought that companies’ privacy policies are clear and understandable. 

The consequences of an unclear privacy policy can have significant negative effects on a business. Not only can a lack of clarity generate distrust but, according to our survey results, it may also cause existing customers to consider taking their business elsewhere. As the majority of respondents think companies’ privacy policies are unclear, this highlights a potential opportunity for businesses to stand out from the competition, or even win over new customers, by developing easy-to-read policies for customers. 

Furthermore, 61% of respondents think companies are only somewhat transparent about how they use their data, by only partially explaining how they use their personal information. Just over a quarter of respondents (26%) think companies are not transparent at all, whereas only 14% think companies are very transparent about how they use their data by always explaining how they use their personal information. 

A lack of transparency can make consumers reluctant to share their personal details, so we looked further into who customers are most comfortable sharing this information with and which industries they think are more trustworthy with data protection.

51% would not share personal data with companies they do not trust

When we asked survey-takers how much trust they need to have in a company before they feel comfortable sharing their personal information with them, just over half (51%) said they need a lot of trust and wouldn’t share any of their personal data with a company they didn’t trust. 43% said it depends if they would benefit from sharing personal details, and only 6% said they don’t need trust to share this information. The following graph depicts which industries respondents trust the least with data protection.  

Advertising and marketing was the sector more frequently cited as untrustworthy by respondents, with 43% saying they do not trust this industry with data protection. This could be related to the use of customer information collected via cookies for targeted advertising, as these ads may make some consumers feel like companies are trolling them online. Surprisingly, over half of the respondents (55%) are neutral about trusting companies that collect personal information with the help of cookies for commercial use, such as transferring their data to third parties or creating personality profiles. However, nearly a quarter (24%) said they don’t trust companies who collect their data for commercial purposes.

Online consumers are more comfortable sharing personal information with customer service than with chatbots

When we looked into how comfortable respondents felt sharing their personal data with a company in different situations, we found that most survey-takers favour human interaction in comparison to interacting with programmed applications. 67% of respondents are comfortable sharing personal information when interacting with customer service compared to 29% that are comfortable sharing this information when interacting with pop-ups or notifications. 

69% of Aussies have encountered a scam situation online 

According to Scamwatch, Australians lost $3.1 billion to scams in 2022 —an 80% increase compared to the previous year. Consumers have every right to be cautious about who they share their personal information with or find certain sectors to be untrustworthy as result. The rising number of online scams is also evident in our survey field as the majority of respondents (69%) have been a victim of either online fraud, online scams, stolen credit information, or a form of personal information exposure on the internet. 

The majority of respondents (38%) that have encountered a scam situation online said it was because they received a suspicious email. E-mail-phishing is a common origin of many scams, where online criminals entice consumers to click on links by posing as what may seem like legitimate or familiar companies but with the intent of harvesting more data such as passwords or other personal information. Another 28% of respondents said they were scammed when buying something on social media.

Data breaches and compromised customer information, such as emails, have a negative effect on consumer trust. Over half the respondents (56%) are most concerned about the possibility of a data breach resulting in financial fraud, and a further 19% are concerned about an invasion of their privacy, such as access to their photos and messages. 

The repercussions of a data breach could be severe, and companies risk losing consumer trust and business. 41% of respondents said they would definitely stop doing business with or buying from a company that is a victim of a data breach, while a further 31% would only stop doing business with them in the online environment. More than half of survey-takers said they would even consider taking legal action against the company, and a further 13% have already done so.

Data mismanagement is a deal-breaker for online consumers

As we have seen, customers generally feel apprehensive about sharing their data with companies. In fact, 85% of respondents agree they are nervous about sharing personal information online. Additionally, most respondents (71%) think companies collect too much data and dislike this situation.  

However, a privacy policy plays an effective role in informing consumers of the use and protection of their information. The more concise and clear the privacy policy, the better it is for consumer trust. Companies must show customers they respect their data privacy and ensure full transparency regarding how they treat personal information to maintain a good reputation for data management. Almost half (49%) of respondents say they have stopped buying from a company that had a problem with protecting customers’ personal information. In the next part of this two-part series, we will find out the best privacy practices consumers expect from companies.