If business fails to react to consumer concerns about privacy, government may have to force them to the tableA recent survey of the top 200 most accessed Web sites in Australia found more than 90 per cent were failing to adequately inform consumers about the personal information they collected.
An incredible 51 per cent of the 171 Web sites that gathered personal information from the user failed to include a privacy statement on their Web site. Only six per cent had a formal and comprehensive privacy policy, while 43 per cent gave the user some indication of their information practices or privacy policies, but provided minimal information regarding their collection. Just 11 per cent of sites surveyed had an adequate privacy policy.
Alarmingly, some of the worst offenders were sites that typically collected a great deal of personal information from the user, including NineMSN, Telstra, OzEmail, Optus and Qantas.
This is not only short-sighted, it's just plain stupid. As survey author Australian National University law faculty masters candidate Ben Macklin states in his accompanying report: "The Web site survey gives a clear indication of an Australian Internet market place that is immature and still developing. The scarcity of adequate privacy policies is an important indicator of this."
There's plenty of solid evidence that consumer concerns about their privacy are impeding the take-up of electronic commerce, especially when it comes to purchasing online. The endless studies showing people remain deeply concerned about privacy must be seen as fair warning to any company that fails to consider privacy issues in its e-commerce, CRM, data warehousing and marketing efforts.
US organisations have reacted decisively in the face of such consumer concerns, both in recognition of their potential ability to impede the take-up of e-commerce and in fear that if they don't act, the US Government may regulate to force them to act.
Determined to forestall such government intervention, Internet heavyweights responsible for generating about 80 per cent of all Internet traffic, including IBM, Disney and Time Warner, have launched the Online Privacy Alliance, defining a code of practice and developing a privacy symbol to be carried by Web site code observers.
Australian business should look seriously at doing the same. If they don't, the Australian Government may need to consider toughening up the light-touch" Privacy Legislation it is due to introduce to the private sector, in the interesting of building trust online.
The current proposal is for the Government to base its legislation on the Privacy Commissioner's National Principles for the Fair Handling of Personal Information and the draft Data Protection Bill of Victoria. It would involve the adoption of industry codes approved by the Privacy Commissioner. It would also enforce minimum privacy standards in areas where industry codes are not adopted.
It is not unreasonable for the Government to want to avoid placing an undue burden on business. But the dismal track record of business to date raises fears the "light-touch" regulation may not be enough. As Macklin says: "The . . . survey reveals that in an environment without legislation, organisations online have not addressed the privacy and security concerns of the consumer."
If a "light touch" proves inadequate, the Government may be forced (and well advised) to get heavy.
Sue Bushell is a Canberra-basedpolitical correspondent