Protecting Privacy

Privacy is hitting board agendas at the moment. Consumers are becoming more aware of the privacy risks associated with their information. A perception that an organisation will protect user’s privacy and use data appropriately is now essential to the integrity of a brand.

A data breach can be devastating to an organisation’s reputation and take years to repair. Boards need to put in place appropriate protections to guard against this risk to the business.

Last year Deloitte launched the Australian Privacy Index to give organisations an idea of what consumers expect of organisations and what the state of play is across industries in regard to privacy.

In the second year of Deloitte’s assessment of the privacy practices of more than 100 leading consumer brands operating in the Australian market, a picture emerges of a sophisticated consumer - one that sees privacy as a function of both data protection and transparency around how their data is being used.

A telling finding in this year’s survey is that more than 90% of the 1,000 Australian consumers rating the brands value trust over convenience, when using the organisation’s website or app.

There is an imperative for organisations to safeguard the data that is entrusted to them, no matter to whom it is delivered, or in which country they reside. Organisations that do so have a real opportunity to proactively build trust with customers, positioning themselves as safe and reliable when it comes to customer data.

Main findings

The Deloitte Australian Privacy Index 2016 analysed the state of privacy of 116 of Australia’s leading consumer brands in 13 sectors – government, banking and finance, insurance, telecommunications, technology, media, retail, health and fitness, travel and transport, social media, energy, and for the first time, real estate and higher education

These are the three key expectations that consumers have of companies when it comes to their privacy:

  • It will use information reliably and respectfully

  • It will implement adequate security measures when information is submitted publicly

  • It will inform consumers how their information is to be used.

There are particular practices that consumers rate highly when it comes to meeting these objectives. Organisations that did well in the survey had mobile apps that advised the user what they did with their collected data. They had security protocols on their website to protect personal information when capturing it. They were transparent and actively communicated with the consumer how data would be used. The cookies on their website had shorter expiry timeframes than companies that did badly — the average time across all organisations surveyed was 657 days, but some companies stored cookies for more than three years.

Organisations that do not pay heed to the privacy expectations of their customers risk a public relations disaster. Poor practices can expose their customers to embarrassment and sometimes criminality. Boards need to make sure that they are up to date on what best practices and how their organisation can implement them.