Privacy Commissioner Publishes Research Into Community Attitudes Towards Privacy

Federal Privacy Commissioner, Karen Curtis, has published findings of research conducted into community attitudes toward privacy. The focus of the research was to examine attitudes towards privacy in a number of areas including health, the internet, dealing with businesses and government organizations, and privacy in the workplace. The research provides valuable information for businesses as it provides a snapshot of consumer and employee attitudes towards privacy which can be used to assist in assessments of privacy practices and high-risk areas of privacy compliance regimes.

The research surveyed 1,507 adults and was in part a replication of a similar study conducted in 2001. In a media statement released last week, the Commissioner outlined the following findings of the research:

Most trustworthy organizations
“The research results show that respondents rate health service providers as the most trustworthy organizations, followed by financial organizations and government organizations and they considered the least trustworthy organizations to be internet sales companies, and mail order companies,” Ms Curtis said.

“People are most reluctant to reveal their financial details, income, home phone number, medical history, and home address.

“For some people, privacy is such a major concern that 33% said that they had decided not to deal with a private sector organization in order to protect their personal information.”

Perceptions of what constitutes an invasion of privacy
The Commissioner’s media release stated that the research indicates that 90-95% of people consider the following hypothetical situations to be an invasion of privacy:

  • a business that you don’t know gets hold of your personal information (94% consider this a privacy invasion);
  • a business monitors your activities on the internet, recording information on the sites you visit without your knowledge (93% consider this a privacy invasion);
  • you supply your information to a business for a specific purpose and the business uses it for another purpose (93% consider this a privacy invasion);
  • a business asks you for personal information that doesn’t seem relevant to the purpose of the transaction (94% consider this a privacy invasion).

“However 84% of people do not consider being asked to produce identification to be an invasion of privacy.”

Health service providers
“While health service providers are regarded as the most trustworthy organisations people still expect to exercise some control over their health information,” Ms Curtis said.

“Thirty-eight percent of respondents do not agree that their doctor should be able to discuss their personal medical details with other health professionals, in a way that identifies them, without their consent even if the doctor thinks this will assist their treatment.

“Sixty-four percent of people felt that if a national health database was established that inclusion into the database should be voluntary. Also 64% of respondents felt that an individual’s permission should be sought before de-identified information derived from personal information about them is used for research purposes.”

Internet
“When it comes to protecting privacy online it seems many Australians are taking some action,” Ms Curtis said. “When asked what people were doing to protect their privacy online people said that they:

  • regularly updated antivirus software (80% of respondents)
  • used a firewall (80% of respondents)
  • rejected cookies (48% of respondents).

“People’s level of concern about the security of personal information when dealing over the internet has risen since 2001 from 57% to 62% in 2004.”

Awareness of the Office
“While sixty percent of respondents claimed to be aware that federal privacy laws existed, up from 43% in 2001, only 34% of respondents were aware that the Federal Privacy Commissioner existed,” said Ms Curtis.

“When asked to whom they would report the misuse of their personal information, 29% said they didn’t know. The remainder mentioned a number of different authorities or organizations, with 7% mentioning the Privacy Commissioner, 19% the ombudsman, 15% the organization involved, 13% the Police, 10% would report it to the local consumer affairs office, and 8% of respondents said that they would report it to their local or state MP.