The vast majority of Australia’s big businesses believe building trust with consumers will give them a competitive advantage, but 91 per cent of organisations think they could be more transparent with consumers about how their information is used.
According to research from Deloitte, 92 per cent of organisations indicated that building trust with their customers was a competitive advantage.
Further, 58 per cent of employees believe that regulatory compliance is more important to their organisation than building trust with customers (36 per cent).
The figures are contained in the Deloitte Privacy Index 2017, which surveyed Australia’s leading consumer brands including the ASX 100. The annual report measures the state of privacy across 11 sectors, by surveying more than 1000 consumers and key individuals responsible for privacy within their organisation.
“Given this current situation of ‘could do better’, plus the future direction for organisations both here and around the world, for individuals to have greater controls over the collection and sharing of their data, our organisations have a big challenge ahead to maintain and/or build trust, develop resilience and create an environment of real consumer and business confidence,” said Marta Ganko, Deloitte Cyber Risk Advisory Director.
“In Australia the Productivity Commission has called for greater controls for consumers to both manage access to and the sharing of their data.”
“Such provisions already are enacted in other parts of the world, including the European Union. The two salient directives are the Revised Payment Services Directive (PSD2) and the General Data Protection Regulations (GDPR),” said Ganko.
Financial services topped Deloitte’s Privacy Index, followed by government and, telecommunications and media.
“We believe one of the reasons the financial sector ranked at the top of the index again this year, followed by government and, for the first time in the top three, telecommunications and media, is because all three sectors are highly regulated,” said Tommy Viljoen Deloitte Cyber Risk Services Partner.
“Financial services conduct frequent privacy training. Their employees can correctly identify a privacy impact assessment, and they know the process to follow in the event of a data breach.
“Each of the top three sectors in this year’s Deloitte Privacy Index have employees who said they would be comfortable being consumers of their own employer’s brand,” Viljoen said.
- 58 per cent of organisations indicated that their organisation has undertaken a formal exercise to develop a privacy strategy.
- Of those, 71 per cent indicated that they have refreshed their strategy in the last 12 months.
- 88 per cent of organisations indicated they have internal privacy training.
- 25 per cent of organisations indicated that they were either unsure, or did not require contracted third parties to notify them in the event of a data breach.
- 79 per cent of the organisations indicated they have a data breach response plan that could be enacted in the event of a signicant/critical incident.
- 94 per cent of organisations felt that having privacy obligations either did not impact or positively impacted on customer user experience.