CyberCX study shows data vulnerabilities worse in certain sectors
Industries such as health, fitness and retail are failing in their data privacy practices, as the Attorney-General announces a dedicated privacy commissioner.
Analysis of more than 100 companies in Australia has revealed an urgent need for them to improve privacy protection or risk another large-scale data breach.
In particular, industries such as health, fitness and retail are falling behind in their privacy practices, the analysis shows.
The report by cyber security firm CyberCX comes in the wake of high-profile privacy breaches of Optus, Medibank and hotel giant Meriton affecting millions of Australians.
Assessing 100 companies across 11 sectors against the internationally recognised Privacy by Design Principles, CyberCX found the telco and technology sector was the top performer of all industries.
The Privacy by Design Principles include proactive rather than reactive privacy measures, privacy embedded in the design of websites and platforms, and end-to-end security and transparency.
After the telco and technology sector, the goods and grocery sector ranked as the next best performer adhering to the Privacy by Design Principles, while government ranked as number three.
The report found that the businesses which performed the worst embedded “more privacy invasive tracking technology” for users browsing their websites, and engaged in more third-party data sharing, such as with advertising companies.
CyberCX privacy lead David Batch said private and public sector businesses needed to examine their privacy settings and better safeguard Australians’ personal information.
“Australians, the business community, and government have never been more aware of the implications of poor privacy and data hygiene,” he said.
Mr Batch said the economy relied heavily on digital channels to communicate, and organisations needed to ensure that privacy practices were ramped up to meet public expectations.
The report pointed to looming changes to privacy laws which could improve protections across the board, such as the right for individuals to request companies erase their data.
The change, also known as the “right to erasure”, is one of many being recommended to government by the Attorney-General’s Department’s Privacy Act review. Other suggestions include the right for individuals to sue companies if their data is breached in a cyber attack.
Attorney-General Mark Dreyfus on Wednesday announced he would appoint a dedicated privacy commissioner in response to the growing threat of data breaches.
“The Australian people rightly expect greater protections, transparency and control over their personal information and the appointment of the stand-alone privacy commissioner restores the Office of the Australian Information Commissioner to the three-commissioner model parliament originally intended,” Mr Dreyfus said.