Half of Aussies would close, stop using their account post-data breach: OAIC

Data breach privacy OAIC survey

Nearly half (47 per cent) of Australians would close their account or stop using a product or service provided by an organisation that had lost their data in a breach incident, according to a new report by the Officer of Australian Information Commissioner (OAIC).

The OAIC’s survey report, Australian Community Attitudes to Privacy 2023, further found that just five per cent of data breach victims would continue to supply personal data to an organisation that has experienced a data breach.

At least one-third (32 per cent) of respondents also said they would lodge a complaint with the OAIC after a data breach.

Around half (45 per cent) would contact the organisation to ask them what to do next and a third (33 per cent) would wait for the organisation to contact them, then follow their instructions.

Fewer than one in 20 respondents said they would do nothing as victims of an organisational data breach.

However, it appears, despite concerns over the potential for data loss (particularly around identity theft and financial or credit fraud), a notable number of victims of an organisational data breach would continue to use this business’s services post-breach.

Indeed, while the survey found that 56 per cent of respondents who have yet to experience a data breach declared they would stop using an affected organisation’s product or service, only one-third (36 per) of actual victims of such data loss event said they had stopped.

Seventy per cent of Australians place a high level of importance on their privacy when choosing a product or service, rated, after quality and price, the third most important factor in their selection.

Three-quarters of those involved in a data breach said they experienced some form of harm as a result, including a tangible increase in scams, spam texts or emails (52 per cent of respondents), a need to replace key identity documents (29 per cent), and financial or credit fraud (11 per cent).

One in ten said they also experienced emotional or psychological harm.

Most Australians are willing to remain with an organisation that has suffered a data breach, provided the organisation takes prompt action, with just 12 per cent stating there is “nothing an organisation could do” to influence their return.

Those organisations that place in place clear steps to prevent customers from experiencing further harm from the breach and making improvements to security practices would get nearly two-thirds of their customers back.

Moreover, open communication with consumers is key for many customers, with 60 per cent of respondents noting that timely reporting of a breach incident to affected customers would influence their decision to stay.

Trust in FSIs grows

Alongside health services providers and federal government agencies, financial services remain among the most trusted industries when it comes to consumers’ perception on how they protect and use their personal information, with around 61 per cent of survey respondents deeming FSIs ‘somewhat trustworthy’ or ‘very trustworthy’.

This is in fact an 11 percentage point jump from the last OAIC consumer survey, in 2020, where just 50 cent of survey respondents rated banks and other financial services as trustworthy.

This also compares to around one in five – around 20 per cent of – individuals trusting real estate agents and social media companies, the lowest rated sectors.

Insurers, counted separately, were the fifth-most trusted industry in the latest survey, after education providers.

On the use of biometrics, more than half of respondents said they were comfortable with its use in everyday banking (56 per cent), with similar results for its use in accessing government services (56 per cent). Around one quarter expressed discomfort in the use of biometrics for banking.

With the increasing prevalence of artificial intelligence systems, more than 61 per cent expressed that they were uncomfortable with businesses using AI to make decisions about them, with a little over one in 10 stating they were comfortable with such an arrangement.

Upwards of two-thirds of respondents said they had a right to have a human review a decision made by an artificial intelligence engine (73 per cent), and also to be told that AI is being used to make such a decision (71 per cent).

The OAIC report found that three out of four Australians would consider data breaches one of the biggest privacy risks they face today – a 13 percentage point jump since 2020, when the last survey was conducted.

“Australians see data breaches as the biggest privacy risk today, which is not surprising with almost half of those surveyed saying they were affected by a data breach in the prior year, said OAIC commissioner Angelene Falk.

She added that concerns around privacy have grown, particularly with the fast-scale development of artificial intelligence and biometrics technologies.

“There is a strong desire for organisations to do more to advance privacy rights, including minimising the amount of information they collect, taking extra steps to protect it and deleting it when no longer required.”