In this article
The Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 is the most recent amendment to Australia’s Privacy Act 1988. It introduces targeted measures to enhance the Office of the Australian Information Commissioner’s (OAIC) ability to regulate organisations and increased penalties for serious and repeated privacy breaches.
Usually, when consumers transact with a company online, they are required to share some personal information. Unsurprisingly, nearly three-quarters (73%) of respondents are protective of their information saying data privacy is ‘very important’, and another quarter (25%) said it was ‘somewhat important’.
A privacy statement can be used to inform online visitors that data privacy is equally important for the company holding personal information as it is to their customers. An overwhelming majority of respondents (92%) agree that how a company treats their personal information reflects how they are treated as customers. Therefore, SMEs looking to build credibility and trust must treat their customers' information respectfully. It is also vital for this information to be communicated as transparently as possible to sway the privacy-focused consumer.
What information should SMEs include in a privacy statement?
According to the OAIC, any organisation or agency that the Privacy Act covers must include the following information in their privacy statement:
- The organisation’s name and contact details
- The type of information that is collected and stored
- The reasons why personal information is collected, held, used, or disclosed
- How personal information is collected and securely stored
- How an individual may access and correct any information that is held, including the ability to unsubscribe from any email list
- How an individual may complain about a breach of the Australian Privacy Principles (APPs) and how their complaint will be handled
- Whether personal information is disclosed to third parties and to which countries
46% of Aussies think that companies’ data privacy policies are unclear
When we asked respondents if they think companies’ privacy policies are clear, a combined 46% said they are either not easy to understand (32%) or misleading (14%). In contrast, only 26% of respondents thought that companies’ privacy policies are clear and understandable.
Furthermore, 61% of respondents think companies are only somewhat transparent about how they use their data, by only partially explaining how they use their personal information. Just over a quarter of respondents (26%) think companies are not transparent at all, whereas only 14% think companies are very transparent about how they use their data by always explaining how they use their personal information.
A lack of transparency can make consumers reluctant to share their personal details, so we looked further into who customers are most comfortable sharing this information with and which industries they think are more trustworthy with data protection.
51% would not share personal data with companies they do not trust
When we asked survey-takers how much trust they need to have in a company before they feel comfortable sharing their personal information with them, just over half (51%) said they need a lot of trust and wouldn’t share any of their personal data with a company they didn’t trust. 43% said it depends if they would benefit from sharing personal details, and only 6% said they don’t need trust to share this information. The following graph depicts which industries respondents trust the least with data protection.
Advertising and marketing was the sector more frequently cited as untrustworthy by respondents, with 43% saying they do not trust this industry with data protection. This could be related to the use of customer information collected via cookies for targeted advertising, as these ads may make some consumers feel like companies are trolling them online. Surprisingly, over half of the respondents (55%) are neutral about trusting companies that collect personal information with the help of cookies for commercial use, such as transferring their data to third parties or creating personality profiles. However, nearly a quarter (24%) said they don’t trust companies who collect their data for commercial purposes.
How to gain consumer trust when collecting data with cookies
Cookie consent can lead to multiple benefits for both consumers and organisations, such as providing useful recommendations for partner products. If data collected through cookies can identify an individual, it may need to comply with the rules in the Privacy Act. The use of compliance software can ensure full disclosure of data collection and its handling to consumers. Additionally, organisations can educate consumers that opting out of cookies won’t remove advertising from web pages they visit. However, it will mean that the advertising won't be related to their interests.
Online consumers are more comfortable sharing personal information with customer service than with chatbots
When we looked into how comfortable respondents felt sharing their personal data with a company in different situations, we found that most survey-takers favour human interaction in comparison to interacting with programmed applications. 67% of respondents are comfortable sharing personal information when interacting with customer service compared to 29% that are comfortable sharing this information when interacting with pop-ups or notifications.
Chatbots vs live chat
Although our survey indicates that consumers are generally more comfortable sharing personal data with a human agent, chatbot software can save customer service teams time by answering repetitive questions via automated responses. These tools can also improve the customer experience by reducing wait times for a response that can be found in a frequently asked section.
However, for the privacy-focused consumer, live chat software can help bridge the gap between chatbots and the discomfort experienced by customers when asked for personal information. It can be integrated into a website or used as a widget to offer customer support. This software solution may give consumers more confidence that their personal data is being handled appropriately by allowing them to speak with a customer service agent.
69% of Aussies have encountered a scam situation online
According to Scamwatch, Australians lost $3.1 billion to scams in 2022 —an 80% increase compared to the previous year. Consumers have every right to be cautious about who they share their personal information with or find certain sectors to be untrustworthy as result. The rising number of online scams is also evident in our survey field as the majority of respondents (69%) have been a victim of either online fraud, online scams, stolen credit information, or a form of personal information exposure on the internet.
The majority of respondents (38%) that have encountered a scam situation online said it was because they received a suspicious email. E-mail-phishing is a common origin of many scams, where online criminals entice consumers to click on links by posing as what may seem like legitimate or familiar companies but with the intent of harvesting more data such as passwords or other personal information. Another 28% of respondents said they were scammed when buying something on social media.
Keep personal information secure
Scammers are getting smarter by taking advantage of new technologies, new products and services, and major events to formulate believable stories to catch consumers off guard. Organisations are no exception, but they can inform their customers about receiving suspicious correspondence that may pose as official communication. Businesses can offer customers extra security measures, such as through the use of multi-factor authentication (MFA) software, where customers are required to provide two or more forms of identification to access digital resources. This extra layer of protection can give consumers more confidence that a company is taking measures to secure their data.
Data breaches and compromised customer information, such as emails, have a negative effect on consumer trust. Over half the respondents (56%) are most concerned about the possibility of a data breach resulting in financial fraud, and a further 19% are concerned about an invasion of their privacy, such as access to their photos and messages.
Prepare a data breach response plan
Businesses should prepare a response plan to ensure they can respond quickly and appropriately in the event of a data breach, following the required steps outlined by the OAIC. An internal response plan can minimise the impact on the company’s customers and its reputation. Furthermore, the use of reputation management software can help organisations keep on top of what is being said about them on blogs, social networks, and the media.
The repercussions of a data breach could be severe, and companies risk losing consumer trust and business. 41% of respondents said they would definitely stop doing business with or buying from a company that is a victim of a data breach, while a further 31% would only stop doing business with them in the online environment. More than half of survey-takers said they would even consider taking legal action against the company, and a further 13% have already done so.
Data mismanagement is a deal-breaker for online consumers
As we have seen, customers generally feel apprehensive about sharing their data with companies. In fact, 85% of respondents agree they are nervous about sharing personal information online. Additionally, most respondents (71%) think companies collect too much data and dislike this situation.
To collect this data, GetApp interviewed 991 Australians online in March 2023. The candidates had to fulfil the following criteria:
- Australian resident
- Above the age of 18
- Must have completed at least one of the following actions in the past 12 months:
- Purchased a product or service online
- Contracted or hired services from an online platform
- Used an application to make a purchase or hire a service
- Created or used an account in their name on a social network
- Used online banking
NOTE: This document, while intended to inform our clients about the current data privacy and security challenges experienced by companies in the global marketplace, is in no way intended to provide legal advice or to endorse a specific course of action. For advice on your specific situation, consult your legal counsel.