Australians are more concerned than ever over the handling of their personal information and want tough laws to protect them after the Optus and Medibank cybersecurity breaches, a new study has found.
The latest Australian Community Attitudes to Privacy Survey, released on Tuesday by the Office of the Australian Information Commissioner (OAIC), found three-quarters of Australians feel data breaches are one of the biggest risks to privacy they face. That is an increase of 13% since the survey was last conducted in early 2020.
The information commissioner, Angelene Falk, said privacy was more front in mind after the past three years, after the pandemic and the Optus and Medibank data breaches, which affected tens of millions of Australians last year.
“We’ve had the experience of the centrality of personal information in the pandemic response to contact tracing,” she said. “We’ve also had major data breaches over the last year with millions of Australians being affected by those breaches, as well as community debate and focus on the use of technology and artificial intelligence.”
The growing number of data breaches has not led to fatigue on privacy – or an expectation that people’s personal information will be breached in some form. The survey found 78% of Australians place a high level of importance on privacy when choosing a product – the third-most important factor behind quality and price.
Protection of their personal information was seen as a major concern in life for 62% of people, but 57% of people do not know what to do to protect it.
Despite the Medibank breach, health providers were the most trusted for data, while social media companies were the least trusted.
As the federal government looks to overhaul Australia’s privacy laws, nearly nine in 10 respondents said they want the government to legislate to protect privacy more, including the right to ask a business to delete personal information (93%), object to data collection practices while still being able to use a service (90%) and seek compensation in the courts for a breach of privacy (89%).
The survey was carried out in March 2023, with a national representative sample of 1,916 unique responses from people aged 18 and older.
The OAIC was allocated $5.5m over two years in May’s budget to investigate the Optus data breach, which it announced in November last year. But despite the funding, the case has not been finalised in the 10 months since it was announced.
In the federal court last week, in a hearing of a class action case against Optus over the same breach, Justice Jonathan Beach expressed frustration at the delay in investigating the case.
He ordered the OAIC to be represented at the next case management hearing for the case in mid-September, indicating that the OAIC might be required to produce the complaint it received for Optus.
Falk told Guardian Australia the OAIC seeks to make decisions in the most fast and effective way, but the Optus investigation is complex.
“These representative complaints are raising very complex issues where we have multiple parties seeking to make representative complaints and a piece of legislation that doesn’t set out clear processes,” she said. “So we are working that, through there are legal complexities, and there should be a decision forthcoming shortly.”
Falk said one of the proposed reforms to allow individuals to take court action against companies for privacy breaches might be one method to improve the current system, and one that had overwhelming support according to the survey.
“That would allow these class actions that are raised in other areas of law like consumer competition, contract negligence, to be heard in conjunction with privacy breaches,” she said.