The Deloitte 2018 Privacy Index assesses the privacy practices of the top 100 Australian brands. It confirms that consumers choose brands that are transparent about what they do with the data.
Deloitte national Cyber Risk Services lead partner Tommy Viljoen said, “Australians want to know how their personal information will be used. And how to protect it. Honest communication about data use for what, and why, will be essential for future value exchange.”
The Deloitte 2018 Privacy Index (full report here) considers the reality that as technology, consumer demands, and business models continue to evolve, brands are collecting exponentially increasing amounts of personal information.
Viljoen said, “Each brand will use personal information differently. Some will commoditise it; others will use it to create a more customised experience. In either case, transparency with the consumer on how their personal information will be used and protected is critical.”
“You must earn our trust, or we will go somewhere else”
David Batch, Deloitte’s new National Privacy and Data Protection Lead said it conducts an annual assessment of the public face of the privacy practices of the top 100 Australian brands (by value) each year. Each sector ranks according to its stated actions.
“There were some big changes in the sector rankings this year given the focus on transparency of personal information processing. This meant that brands that offer primarily digital goods and services ranked better on transparency measures. Information Technology operations was the stand out rising from 9 out of 10 to #1 and top of the index.
“Despite all the media attention for the financial services sector, they stayed close to the top, ranking #2. Government also highly regulated came in at #3 on the rankings, and Telecommunications and Media was a close #4. The biggest fall was in the energy and utilities sector to #10 from #4.”
|Information technology operations||1||9||7|
|Telecommunications & media||4||3||5|
|Travel & Transport||5||N/A||N/A|
|Energy & utilities||10||4||3|
Batch said, “We asked 1000 Australians over 18 years old, across regions and genders, to tell us what data they provided to the brands in return for goods and services. And what factors influenced their decision to share their personal information. We wanted to understand the trust relationship and what factors influence the increase or decrease of consumer trust in brands.
“We also asked consumers to consider their knowledge of privacy and tell us how they would feel if their data was involved in a breach and what their expectations were for the brands to respond to such incidents.”
Deloitte 2018 Privacy Index key findings
- 69% believe that trust in the brand is most important when deciding to share personal information. The offset is the benefits such as discounts, personalised service and rewards.
- Brands will lose consumer trust and damage their reputation if customer data is used for
- cross-selling of personal information (68%)
- inappropriate marketing (58%)
- trading data to enable sales (54%)
- Consumers are aware that third parties have access to their personal information.
- 41% are comfortable allowing a brand to transfer their data if they trust the brand and there’s a benefit for them.
- 58% are unaware of the requirement by law to notify them of any data breach under the 1988 Privacy Act.
- 90% expect prompt notification if their personal details are breached.
- 76% indicated that they would be more likely to trust a brand after a breach if there was timely notification of the breach, a detailed explanation, detailed remediation plans, and ongoing notifications on progress.
GadgetGuy’s take – these dry statistics reflect future privacy directions
The Deloitte 2018 Privacy Index is scrupulously accurate – as you would expect.
The key message is that you will share more information with someone you trust. You will confide secrets with your best friend because you trust them to maintain confidence. If that trust breaks there is no more sharing.
But the key difference between sharing a secret is that you know what you said, e.g. you control that information.
Technology today allows any internet-based activity to track, at a minimum
- Date, time
- Location (whether by GPS, cell tower triangulation, IP lookup, store/mall beacons)
- Device – smartphone, PC, tablet, smartwatch/wearable, kiosk, ATM, credit card swipe
- Facial recognition from security and traffic cameras – some shops use sentiment and demographic analysis to learn more
- What you searched for, looked at and for how long
- What you bought
- Every conversation, SMS, email, calendar, task …
- Facebook collects thousands of data points – age, relationship status, employer, likes, and much more. It goes way beyond what you are willing to share.
But you say “I can see my data and delete it”.
But you say, “I can see my data and delete it”. That is what Facebook et al. would have you believe. The dirty, inconvenient truth is that as soon as that data is out there in the wild, every organisation that has collected/contributed to it can use it any way they see fit. There are no privacy laws yet.
Your disparate data mixes together via a unique personal ‘tag’ (ID). This allows all collectors (other app developers) to share and merge data to growing your profile beyond your wildest dreams. To scare you the dark web also has a profile on you. Eventually, by combining stolen data, it will crack passwords, credit card number etc.
You should read GadgetGuy’s report on Google Snooping to get a better idea of the scope of scrutiny.
The Deloitte 2018 Privacy Index is telling in a sanitised way. I suspect that 2019 will see a big upset in ratings for Information Technology, Financial Services, Telecommunications and media. All deserve to plummet given the dirty washing on display.