A new study shows that extent to which Australian IT decision makers have not acted on recent changes to Australian privacy laws.
Many organisations in Australia are uncertain of how they should be managing their data without risk, four months after the changes to the Australian Privacy Principles were introduced.
Despite claiming to be aware of the changes, over 70% of Australian IT decision makers seek third party guidance on management of their data. The findings are contained in a white paper commissioned by NTT Communications ICT Solutions (NTT ICT) and Hitachi Data Systems (HDS) and researched by IDC Australia.
This uncertainty about the new laws has resulted in irregularities in the disposal of personal data by third party services, which leaves many Australian organisations vulnerable to non-compliance with the revised principles, the report says. They have little insight into the management of their data during its lifecycle and the terms of their consequent liability.
The findings are based on research of 150 organisations in Australia, regarding their concerns surrounding data privacy and what the changes to Australian Privacy Principles mean to them.
The white paper, titled ‘The Increasing Value of Data in Australia: Privacy, Security and Compliance’, also reveals that attitudes towards privacy and data management have been significantly influenced by recent developments in mobile, social and cloud technologies.
“The changes to the Australian Privacy Principles on 12 March 2014 will have significant implications for how businesses manage their data,” said NTT ICT’s Julian Badell. “NTT ICT and HDS wanted to investigate the changing attitudes, practices and impact of these changes on organisations”
HDS’s Andrew McGee said: “As the need to manage and store large amounts of data increases, many businesses are not equipped to tackle the changing regulatory landscape associated with data management.
“In this new and continually evolving regulatory environment, compliance strategies need to be addressed to protect the business from risks around where data is housed and how it can be efficiently managed and retained, even when core enterprise applications are phased out”.
Key findings from the white paper include:
Uncertainty remains about principles regarding disposal of data
Awareness of changes to the Australian Privacy Law is relatively high, however awareness of the individual principles is much lower – according to the survey 20% of Australian Organisations remain unaware or uncertain of the implications relating to changes to the Australian Privacy Principles.
Sally Parker, research director for IDC Australia said “The research uncovered broad awareness of the principles within IT around protection of personal information before it is disclosed overseas, disclosure of breaches to all relevant parties and civil penalties in the case of a serious privacy breach. But notably absent is awareness of principles regarding the proper disposal of personal data once it is no longer required for the purpose for which consent was provided.”
Organisations are putting themselves at risk regarding data collection
IDC noted a 20% increase in the perceived risk associated with data since the introduction of the revised Australian Privacy Principles. Despite this, individual retailers are still putting themselves at risk – only 50% of retailers surveyed have a formal governance process managing ‘give to get’ data.
Uncertainty of the changes to Australian Privacy Principles is linked to dependence on third party services
The research shows that 72% of Australian organisations look to third parties for guidance on risk, security and compliance – yet 20% of those surveyed lack confidence in their knowledge of how third parties deal with the disposal of data. Of those organisations entrusting a third party with their personal data, few mandate requirements around the physical location of data, total number of copies, deletion process, or impose restrictions regarding access to the data.
Data is the new currency for Australian organisations
The market for big data is set to reach $16.1 billion in 2014, growing six times faster than the overall IT market. Government agencies alone installed an additional 93,000 terabytes of storage during 2008-2012.
The advent of new technologies is dictating how Australian organisations handle their data
Australian Organisations are able to source more valuable consumer information than ever before, due to new social, cloud and mobile technologies. These mediums have fostered a borderless IT environment that dictates a fresh approach to data management and risk policies – 93.7% of organisations surveyed shared that Public Cloud had changed how they approach risk and security.
Privacy can now be used as a competitive differentiator
Organisations that are perceived to be putting their customers first when it comes to privacy can gain leverage over their competitors. The Electronic Frontier Foundation and Online Trust Alliance annually recognise the top companies for consumer privacy and data protection.
As a result of the survey, IDC predicts that within the next three years, smaller more agile organisations will capitalise on the opportunity to leverage insights gained from data analysis without the baggage of the larger established competitors.