Need to know
- Australians consider data breaches to be the biggest security risk they face.
- Only three out of 10 Australians feel that they're in control of their data privacy.
- Nearly everyone thinks conditions should be in place before artificial intelligence is used.
Endless reports of data breaches in recent months indicate that our personal data is up for grabs whenever cybercriminals feel like stealing it. It seems it's not a case of if, but when.
In September last year, up to 9.8 million customers had their passport numbers, home and email addresses, dates of birth and drivers licence numbers stolen in the Optus breach.
The following month, four million Medibank customers had their data stolen. It was a crime designed to "cause maximum harm to the most vulnerable members of our community," Medibank CEO David Koczkar said at the time.
Then in March 2023, the Latitude Finance data breach affected 14 million customers of not just Latitude, but many customers of its predecessor companies. People's personal details had been retained from as far back as 2005 for no legally supportable reason. "How can companies be allowed to hold my personal information forever?" one affected CHOICE customer asked.
The Office of the Australian Information Commissioner (OAIC) which oversees privacy rules, wants to know too, and has launched an investigation into Latitude's data handling practices.
Three-quarters of Australians harmed by a breach
According to a recent OAIC survey, Australians consider data breaches to be the biggest security risk they face.
That's understandable, considering that nearly half of us (47%) have been involved in a data breach. Of those who have been caught up in one, over three-quarters have experienced harm.
The OAIC research also shows that we care a lot about protecting our personal information, with more than six out of 10 of us seeing it as a major life concern. Meanwhile, only three out of 10 Australians feel that they're in control of their data privacy, and half of us believe we have no choice but to accept what businesses decide to do with our data.
There is a strong desire for organisations to do more to advance privacy rights, including minimising the amount of information they collect, taking extra steps to protect it and deleting it when no longer required
Information and privacy commissioner Angelene Falk
Information and privacy commissioner Angelene Falk says the survey results show that we want businesses to take proactive measures to keep our details safe.
"There is a strong desire for organisations to do more to advance privacy rights, including minimising the amount of information they collect, taking extra steps to protect it and deleting it when no longer required," Falk says, adding that the findings "point to several areas where organisations can do more to build trust in the community".
And there is one point on which we're nearly unanimous: 96% told OAIC that conditions should be in place before artificial intelligence is used to make decisions that might affect us.
Less than a third of Australians feel in control of their privacy, according to the latest Australian Community Attitudes to Privacy Survey.
CHOICE is calling for updates to our privacy laws
CHOICE consumer data advocate, Kate Bower, agrees with the views of Australians captured in the OAIC research, saying, "Australian consumers are understandably worried about the security of their personal information after large-scale data breaches that have affected almost everyone in some way. And it's vital that businesses get privacy protections right before implementing any kind of artificial intelligence."
The findings of a recent CHOICE Consumer Pulse survey confirm the findings of the OAIC report, with only one in eight Australians indicating that they trust businesses to use their data responsibly and in their interests. Bower says that getting our privacy laws right is more important than ever if businesses want to win back the trust of consumers.
Unfortunately our privacy laws were written in the 1980s, long before cybersecurity and artificial intelligence were everyday concerns
CHOICE consumer data advocate Kate Bower
"Consumers want and deserve strong protections for their personal information. Unfortunately our privacy laws were written in the 1980s, long before cybersecurity and artificial intelligence were everyday concerns. We urgently need fit-for-purpose privacy laws that offer consumers the protection they deserve," Bower says.
CHOICE is calling on the federal government to urgently implement many of the reform recommendations outlined in the Attorney-General Department's Privacy Act Review Report released late last year.
"Common sense reforms such as an updated definition of personal information, introducing a 'fair and reasonable use' test and creating clear rules and guardrails for high-risk technologies like facial recognition, would go a long way to restoring trust in the market and ensuring consumers are treated fairly and safely," says Bower.
Read more about CHOICE's recommendations for privacy reform in our submission to the Attorney-General's Privacy Act Review and support our advocacy by signing the petition below.
CHOICE Consumer Pulse June 2023 is based on a survey of 1087 Australian households. Quotas were applied for representations in each age group as well as genders and location to ensure coverage in each state and territory across metropolitan and regional areas. Fieldwork was conducted from 7 to 22 June, 2023.
Stock images: Getty, unless otherwise stated.
