Report: 9 in 10 brands not protecting customer data well enough

Employees across more than nine in 10 of Australia’s top 100 brands believe their organisations don’t do a good enough job of being transparent with consumers about how their information is being used.

The new Deloitte Privacy Index 2017, launched to coincide with Australian Privacy Week kicking off today, found 91 per cent of staff across Australia’s listed and privately owned top 100 brands believe their organisation could be more transparent with how they’re using customer data.

In addition, 58 per cent of respondents believed regulatory compliance was more important to their organisation than building trust with customers (36 per cent), and 59 per cent claimed organisations are neglecting to build trust with their employees. Just four in 10 received privacy training at induction or on an adhoc basis.

The survey encompassed more than 1000 employees across the top 100 organisations, gauging opinions on expectations of trust, complaints and information handling. Deloitte said its aim was to identify the potential disconnect between organisations and what staff members believe is occurring when it comes to protecting customer data and honouring privacy.

Deloitte Cyber Risk Services partner, Tommy Viljoen, said the majority of companies today had mature website privacy and security controls and policies. But the rise of mobile apps, which are both more open and transparent to users, gave this year’s study new insight in the discrepancies between practices and actual operations.

Read more: Getting prepared for mandatory data breach reporting

What was clear from the report was that bundled consent, T&Cs and privacy policies cannot be relied on for information to be managed appropriately all the time.

“An organisation may feel, for example, it has all the requisite boxes ticked and all its policies and procedures in place. Yet it appears that many staff members may circumvent these processes, and find what they consider to be easier ways of doing things, even if ‘adequate’ monitoring processes are in place,” Viljoen commented.

“To preserve and indeed build trust, organisations need to be authentic. This requires transparency of how customer data is being managed, and staff members who are fully aligned to managing the information safely and securely and so act accordingly.”

Report co-author, Deloitte Cyber Risk advisory director, Marta Ganko, claimed organisations have a big challenge ahead to maintain and/or build trust, develop resilience and create an environment of real consumer and business confidence. She also pointed to a growing global trend for consumers to gain more power over their own data in the face of these issues.

“In Australia, the Productivity Commission has called for greater controls for consumers to both manage access to and the sharing of their data,” Ganko said.

Such provisions already are enacted in other parts of the world, including the European Union and include the Revised Payment Services Directive and the General Data Protection Regulations, she added.

Deloitte’s third annual privacy assessment also ranked the most trusted industries, putting financial services industry at the top of the table again this year, followed by government. Telecommunications and media jumped from 5^th to become the third most trusted industry in the index, with energy and utilities, and industrials, rounding out the top five.

Another point made clear in the study was the importance of governance in achieving trusted status. Deloitte found the highest ranking industries have a privacy officer, regular privacy training and require third-parties to notify them in the event of a likely data breach.

Follow CMO on Twitter: @CMOAustralia, take part in the CMO conversation on LinkedIn: CMO ANZ, join us on Facebook: https://www.facebook.com/CMOAustralia, or check us out on Google+:google.com/+CmoAu