Nearly half of employees inadequately trained on Privacy Act compliance

Only 54 percent of workers believe their employers have given them adequate training about how to preserve the privacy of customers' personally identifiable information (PII), a new survey has found as privacy authorities spruik a new privacy management framework designed to help Australian organisations improve privacy compliance efforts that have been slammed as inconsistent and unbelievable by consumers.

Released by the Office of the Australian Information Commissioner (OAIC) to mark the 2015 Privacy Awareness Week – an annual awareness exercise run by the Asia Pacific Privacy Authorities (APPA) forum – the new Privacy management framework is designed to help organisations boost employee awareness of privacy responsibilities.

Specific recommendations are intended to inform organisations' privacy response along four key steps: embedding a culture of privacy, establishing robust and effective privacy processes, evaluating privacy processes to ensure continued effectiveness, and enhancing organisations' response to privacy issues.

“Privacy management is an obligation that is continuous and proactive and for it to be successful, it must have support from an organisation's leadership team,” Australian privacy commissioner Timothy Pilgrim said in a statement.

“A privacy management plan should commit both people and resources to make sure there is clear accountability for privacy in your organisation.”

Despite the myriad new responsibilities placed on organisations to protect PII by the overhauled Privacy Act – implemented a year ago to – to some positive assessments – an OAIC review published this week found that just 55 percent of companies had adequate privacy policies in place.

These results were reinforced by the results of an Intel Security survey of Australians' privacy attitudes found that most Australians are still extremely poorly educated about the Privacy Act's new protections, or indeed its existence at all (just 8 percent of respondents could even name the Act).

Only 54 percent of the 1238 surveyed respondents said their workplaces had appropriately informed them about their responsibilities in protecting the PII of the people they deal with as part of their job.

The security risks of bring your own device (BYOD) policies, which allow employees to use often insecure personal devices at work, were felt by 33 percent of respondents to outweigh any potential benefits.

Consumer attitudes supported the suggestion that many employees remain poorly trained about how to manage personal information, with just 41 percent of respondents saying that businesses clearly explain how they manage personal information – and only 41 percent saying that businesses with a privacy policy actually comply with it.

Fully 13 percent of respondents said they had had problems with the way their online personal information was handled in the last 12 months, with just 24 percent of respondents saying they felt businesses were quick and effective in fixing the situation when there had been misuse of personal information.

Respondents were split when asked who was responsible for protecting privacy, with 35 percent putting the blame on the individual and 34 percent deferring to the government. Just 28 percent believe that businesses carry primary responsibility.

Seeking to empower individuals to improve privacy protection, the OAIC also market Privacy Awareness Week by releasing a fact sheet outlining 10 practical tips to help protect personal privacy.

“It is important to take control over what happens to your personal information,” Pilgrim said. “We can all take simple actions such as reading privacy policies, being careful what we share on social media, using up-to-date security software and securely destroying our personal information. This can all contribute to the protection of our privacy’.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Feeling social? Follow us on Twitter and LinkedIn Now!

Tags employeesprivacy actOffice of the Australian Information Commissioner (OAIC)personally identifiable information (PII)privacy management framework(BYODPrivacy Act compliance

Show Comments