Privacy Attitudes

OAIC takeaways from the Commission's latest small-scale privacy attitudes survey - 

• Three in five (62%) Australians see the protection of their personal information as a major concern in their life. 
•  Eight in ten (82%) care enough about protecting their personal information to do something about it, however 57% do not know what to do.  Only a third (32%)  feel in control of their data privacy. 84% want more control and choice over the collection and use of their personal information. 
• The 2 most common steps Australians are taking out of concern for their data privacy are checking an email, text message or phone call is not a scam before providing their information, and using unique passwords and not sharing them.
•  Three-quarters (74%) feel data breaches are one of the biggest privacy risks they face today, up by 13 percentage points since 2020. 
• Most Australians place a high level of importance on their privacy when choosing a product or service: 70% say it is extremely or very important and 26% say it is quite important. 
•  While many do not know exactly how they can protect their own personal information, the majority would like business and government agencies to do more in this area. 
•  Seven in ten (69%) said they are aware of the Australian privacy law that promotes and protects the privacy of individuals, and 89% want the government to provide more legislation in this area. 
•  Almost all Australians think they should have additional rights under the Australian Privacy Act. These include the right to: ask a business to delete their personal information (93% believe they should have this right) object to certain data practices while still being able to access and use the service (90%) seek compensation in the courts for a breach of privacy (89%) know when their personal information is used in automated decision-making if it could affect them (89%) ask a government agency to delete their personal information (79%). Australians are generally unaware some organisation types are exempt from the Privacy Act. 
• The majority believe political parties and representatives (82%), businesses collecting work­‑related information about employees (81%), media organisations in relation to their journalism activities (78%) and small businesses (77%) should be required to protect personal information in the same way as federal government agencies and larger businesses. 
•  Three in five (58%) Australians do not know what organisations do with their data. People often feel they have no choice but to hand over their personal information if they want to access a service (50% agree or strongly agree). 
•  Australians trust health service providers and federal government agencies the most and social media companies and real estate agencies the least when it comes to the protection and use of their personal information. 
•  Less than half of people trust organisations to only collect the information they need, use and share information as they state, store information securely, give individuals access to their personal information and delete information when no longer needed. 
•  91% are concerned about the prospect of their personal data being sent overseas. 
•  55%  consider having to share some personal information if they want to use a service fair enough. However, they generally only consider it fair and reasonable to provide their name (81%) and email address (77%) to organisations and, to a lesser extent, their phone number (68%), date of birth (62%) and physical address (61%). 
•  There are certain practices Australians consider not fair and reasonable, including the online tracking, profiling and targeting of advertising to children (89% not fair and reasonable). 
• Almost half (47%) said they had been informed by an organisation that their personal information was involved in a data breach in the 12 months prior to completing the survey in 2023. Three-quarters (76%) said they experienced harm as a direct result. 
• 52% saw an increase in scams and spam and almost a third (29%) said they had to replace key identity documents, such as a driver’s licence or passport. One in ten (12%) experienced emotional or psychological harm. 
• 47% say they would stop using a service if their data was involved in a breach, but this drops to a third for people who have recently experienced a breach. 
•  12% said there was nothing an organisation could do to appease them in dealing with the impacts of a breach. 
• Most Australians are willing to remain with an organisation that has suffered a data breach, provided the organisation quickly takes action, such as putting steps in place to prevent customers from suffering harm. 
•  A quarter (26%) of Australians believe the most important way an organisation can protect their personal information is by only collecting the information necessary to provide the product or service. 
• Australians view the second most important action organisations can take is proactive steps to protect the information they hold (24%).