OAIC Privacy Survey Reveals Insights from COVID-19 Australia

The Office of the Australian Information Commissioner (OAIC) has recently published the 2020 Australian Community Attitudes to Privacy Survey (ACAPS).

The ACAPS provides insights to Australians’ views and understanding of privacy and privacy-related issues. Interestingly, the ACAPS also includes a snapshot of those views during the COVID-19 outbreak.


Interestingly, the survey was carried out during the COVID-19 pandemic, and the OAIC took the opportunity to pose questions specific to this unusual point in time.

Significantly, half of Australians considered their privacy to be more at risk during COVID-19[1] and 72% agreeing that the pandemic “does not excuse business or government from meeting their usual obligations under privacy laws.”[2]

Many entities are working under extreme pressure to deliver greater than normal services, which can lead to errors. Recently, The Department of Foreign Affairs and Trade inadvertently disclosed the personal email addresses of some ‘vulnerable Australians’ by ‘cc’ing’ rather than ‘bcc’ing’ email recipients. This type of error is common, however it does show the importance of robust privacy practices that can withstand high pressure work environments.

Privacy Policies

For entities captured by the Privacy Act 1988, perhaps the most practical take away from ACAPS is about the attitudes of Australians to the Privacy Policies which the entities must publish, with only 20% reading and being confident they understand these important documents.[3]

The ACAPS reveals that ease of comprehension and navigation are very important attributes for a privacy policy. The responses indicate that Australians support three key improvements:

  • The use of icons as a visual indication that certain activities are undertaken;
  • A plain English summary are the start;
  • A standard, simple language used in all policies.[4]

What is concerning is that 44% of Australians chose not to use a service after reading a privacy policy.[5] However, we consider this is more likely to be a problem when a privacy policy is so dense and complex that the reader cannot make sense of it, and just gives up on going any further.

So what can you do?

You can review your policy and consider how it is written and presented to ensure comprehension by those that read it. Privacy professionals such as Griffin Legal can help with that to ensure your privacy policy effectively discharges your obligations, and informs the reader in a clear and concise way.

Privacy as a selling point

ACAPS comes at a time when large companies such as Apple are promoting their focus on privacy. Apple even acknowledge the difficulties in doing so:

We design Apple products to protect your privacy and give you control over your information. It’s not always easy. But that’s the kind of innovation we believe in.[6]

This shift to promoting privacy by big corporations seems consistent with concerns expressed by Australians, with more than half being “uncomfortable with a business combining data about their customers (for example, loyalty card transaction history) with other data (for example, IP address, type of browser used) to better profile their customers.”[7]

Despite these concerns, the average Australian carries four to six loyalty cards.[8]  Australian’s concerns may be warranted though as the Australian Competition and Consumer Commission states “that some loyalty schemes collect and use their customers’ data in order to develop consumer insights, which may be shared with or sold to other businesses, and to target customers with tailored advertising. Some loyalty schemes may also use this data to deliver targeted and personalised advertising to their own customers on behalf of other businesses.”

This apparent contradiction between attitudes and actions may be explained through some of the ACAPS findings which suggest Australians, or at least certain cohorts, are not reading or cannot understand what information companies are collecting or what they will do with it, which takes us back to our first point about the importance of clear privacy policies.

Now is the opportune time to revisit your privacy policy, especially if it has not been refreshed since the Australian Privacy Principles commenced in 2014.

Contact Griffin Legal, and we can help you produce a contemporary privacy policy that meets the expectations of your customers.

[1] Page 103

[2] Page 110

[3] Page 8

[4] Pag 76

[5] Page 72

[6] https://www.apple.com/au/privacy/

[7]https://www.oaic.gov.au/assets/engage-with-us/research/acaps-2020/Australian-Community-Attitudes-to-Privacy-Survey-2020.pdf, page 30.

[8] https://www.accc.gov.au/system/files/Customer%20Loyalty%20Schemes%20-%20Final%20Report%20-%20December%202019.PDF

Through to the keeper: Do you know your sporting organisation’s privacy obligations?

Despite being 30 years old, organisations can still be confused about their obligations under the Privacy Act 1988 (Cth) (Privacy Act). Whether the Privacy Act even applies can be a minefield for sporting organisations such as sporting clubs, gyms, and governing bodies. Unfortunately, ignorance of the law excuses no one, and fines for a breach of the …
Read more

laptop in the dark with code

Revised data encryption laws explained

A controversial shake up to Australia’s data laws came into force in December 2018. The Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (the Amendment) amended several pieces of legislation to enable the Government to access the communications of individuals in the name of national security. The Amendment was passed to make it …
Read more

modern data breach

Unpacking modern Data Breaches: Is your data safe?

In November 2018, the Australian National University (ANU) suffered a massive data breach where up to 19 years of sensitive and personal data were obtained by an unknown hacker. The ANU has said that the hack not only affected students and professionals in Canberra but that it had the potential to affect a number of …
Read more