Businesses and consumers increasingly concerned about data privacy: Deloitte

Banking and finance, government, and energy sectors were identified as the three most trusted industries by consumers when it came to data privacy, according to the latest survey by Deloitte.

The Deloitte Australian Privacy Index 2016 also showed the three least trusted industries were social media, media, and real estate.

Tommy Viljoen, Deloitte risk advisory partner, said there is a direct correlation between regulation and trust.

"The [industries] that ranked the highest is where they have lots of regulation; while those that are less regulated are far less trusted by consumers," he said.

While the trust ranking for social media dropped eight places from 2015, Marta Ganko, Deloitte risk advisory client manager and co-author of the report, pointed out that social media is one industry where disclosure about data and privacy is most transparent, indicating there is sometimes a disconnect between what consumers think and what is actually happening.

"What we saw this year is from a consumer sentiment perspective, social media went down quite considerably. I was quite surprised because when you do look at the practices and what the apps actually do or what they do on their websites, they actually do employ quite good practice because they do tell us everything about what they're doing, how they use cookies on their website. So there's that disconnect in terms of what consumers think because of the perception that is out there ... versus what is actually happening," she said.

She added that the news around how social media companies are using consumer data to carry out experiments could potentially have been another driving factor behind the perception of how the social media sector handles consumer privacy.

The report also highlighted consumers are now more discerning when it comes to privacy and data protection -- 94 percent of consumers now rate trust as more important than ease of use of a website, app, or device. In fact, more than 21 percent of consumers want to know if their information is sent to third parties, while another 14 percent of consumers want to know how their personal information is protected.

Meanwhile, credit card details followed by identification numbers and medical records were the top three types of information that Australian consumers were most concerned about sharing due to their sensitivity.

"Consumers are becoming more discerning and that means organisations who do well are the ones who are informing consumers on how their data is being used, how it's being handled, how they're managing third parties, how they're managing other entities they're associated with, and also inform the consumer of the risk they face when they share that information, so level of granularity is high," Viljoen said.

He also noted another key trend is consumers are after choice in what privacy conditions they opt in to. Viljoen said by giving this option to users, it could however potentially impact the amount of access a business has to a user's data.

"In some instances organisations will lose the ability to support a consumer, and really what they've got to do is weigh up do they want trust of the consumer or are they going for a volume play where trust is not as important," he said.

From an organisation point of view, the way in which businesses are managing privacy is changing, the Deloitte report showed. While 43 percent of privacy is still managed by legal, 23 percent is being managed by the risk department, and another 15 percent is handled by compliance.

The report revealed more than 84 percent of organisations said they have hired a privacy officer, and 73 percent of those privacy officers' roles is to manage privacy for the organisation full-time.

"Traditionally, privacy has always been a legal consideration for organisations, making sure it's compliant with the law. But what we're starting to see is that organisations are starting to take the next step towards best practice by making sure not only does the legal staff understand the organisation's privacy obligation, but expanding it out to the rest of the organisation as well," Ganko said.

Deloitte also assessed the privacy policies of mobile apps and devices, and found overall 81 percent of data that left the mobile device went overseas. More specifically, the technology sector sent and received the most data compared to other sectors. However, consumers are being informed about it, Ganko pointed out.