Do Australian Organisations take privacy seriously?

Privacy concerns outstrip investment

A new survey suggests that Australian organisations’ investment in privacy risk and compliance may not be keeping up with the increasing concerns of individuals in this area. It paints a picture of a privacy industry that is still trying to find its feet while the digitisation of our world accelerates ahead. I’ve worked mostly in the EU over the past twelve years, and have seen a distinct privacy profession & industry emerge there. This survey makes fascinating reading to see where we are currently in Australia.

According to the Office of the Australian Information Commissioner, Australians have had growing concerns about the way their data is used for several years now. So how are the organisations that process our data responding to these concerns? To find out, specialist consultancy Privacy108 asked front-line privacy professionals how their organisations approach privacy, and what their biggest challenges are.

Download now – Australian Privacy Professionals Survey Results.

No clear home for privacy

The first insights that come out of this report set the scene: for more than half of the respondents, responsibility for privacy is only part of their role, and privacy does not have a clear ‘home’ within their organisations yet. This chimes well with my own experience in the field. Over the years I’ve sat with Records/Information Management, Legal, IT, Finance, Information Security, and Risk & Compliance teams. For my money, the Risk & Compliance function is the most natural and mature fit (certainly in larger organisations) since the other areas are competing stakeholders in this area.

As we move on to the regular tasks being undertaken we see a mixture of first and second line activities. Privacy professionals are both setting policies and putting them into action. Privacy impact assessments, for example, can be daunting for the non-initiated and certainly require the privacy officer’s input, but possibly over time these operational tasks will be overseen, rather than undertaken, by the privacy professional. There are several more examples in the survey results.

Management support

I recognise and sympathise with the key challenges reported by my peers. Amongst some frustrating issues, a lack of understanding & support by management may be the most critical identified here. Certainly it will be much more achievable to deal with some of the other reported challenges, such as the clear allocation of responsibilities, with clear support and direction from the top.

Privacy recruitment challenges

The second biggest challenge identified here is in recruiting suitable privacy personnel. The two elements sought in new recruits? Knowledge of the relevant legislation, and past experience of privacy programs. It’s difficult to imagine this will return a wide selection of candidates in Australia at the moment, even in Sydney or Melbourne. Perhaps as a result, external counsel is being relied on for many things, such as interpretation of privacy legislation and regulation, and support through a data breach.

This survey provides a useful benchmark of privacy practices in Australia. It paints a picture of low current maturity in this field compared to that in Europe, and it provokes questions about the ability of organisations to address the growing concerns of individuals about how their privacy is being protected. Globally, privacy seems to be growing into one of the issues of our age. It’ll be very interesting to see how we measure up in the next year or two.

Download now – Australian Privacy Professionals Survey Results.

Matt Hudson

April 2020

Matt Hudson is an experienced Data Protection Officer& privacy specialist with many years in data protection roles in the public and private sectors in both the UK and Australia. Matt is skilled in Data Privacy, Legal Compliance and Change Management and has a keen interest in the development of the privacy profession and practice in Australia.