A majority of Australians trust government with their privacy, but agencies need to better explain how they use personal information, say a group of ANU researchers.
Trust in government may have been falling in recent years, but people still trust government with their personal information more than most other institutions.
The 2017 Community Attitudes to Privacy Survey found 58% of Australians trust federal and state governments with their personal information.
While health service providers (79%) and financial institutions (59%) scored better, charities (38%) and retailers (28%) fared worse than government. The social media industry (12%) did particularly poorly.
This is borne out by how people behave: while 58% have decided not to deal with a business out of privacy concerns, only 16% said the same of government.
Yet most Australians still use social media, despite not trusting the companies operating those platforms.
This shows privacy is more complicated than just keeping information secret, and is often more about retaining a sense of control, note the authors of a policy options paper recently released by the National Security College at the ANU.
Plus it depends what you get in return.
“Context matters,” argue authors Adam Henschke, Ryan Young, Maia Gould and Hannah Smith.
“People may be willing to share information with a specific group, but are horrified when they find out that others can access this information.
“People are also willing to accept certain uses of their data in exchange for fair value — typically, access to online services.”
Citizens typically have four key expectations when they share personal information:
- To retain some control over how it is used and further shared
- Clarity regarding how it is used
- That it is treated with care
- That it is treated with a level of competency
“People are generally happy to share information, and for organisations to do more with the information they hold, provided this occurs in a way that maintains trust,” they say.
Government agencies “generally do a good job at ensuring personal information is treated appropriately”, the authors argue.
In fact, the safeguards in place are often stronger than the public expects.
“For example, nine out of ten citizens assume that agencies are already sharing personal information, especially basic data like demographics and tax file numbers,” they write.
“However, as government officials know, it is often difficult to share any information about citizens between departments.”“Nine out of ten citizens assume that agencies are already sharing personal information, especially basic data like demographics and tax file numbers.”
This perception gap is partly down to a lack of clarity in government communications.
“Too often, they default to explanations about how they treat personal information that refer to compliance with the Privacy Act rather than explaining in simple language what they actually do.
“Moreover, the emphasis in government communication tends be on keeping information secret. Communications should clearly identify what data is collected, and how it will be managed and treated with care.”
People are “generally comfortable” with information being used for the reason it was collected for, but react negatively to use for other purposes.
“If, for example, data collected to improve policy and/or service delivery is later used for compliance, the public reaction may be negative and trust will be broken,” the ANU authors argue.
Technology is increasingly allowing data to be shared with lower risk of privacy breaches.
“Where possible, departments should use analytic tools that allow automated extraction and sharing of relevant data and reports, rather than entire data sets,” they believe.
Agencies should also focus more on competence, rather than falling back on compliance.
Banks, despite generally being distrusted, are reasonably well-trusted on privacy because they are competent data managers.
“Notably, banks do not pretend that information is fully secure but maintain public trust by being transparent when breaches occur and by rectifying losses to the extent possible,” they write.
“This suggests an important lesson: competence in managing data is no longer just about protecting it from theft or misuse, it is also about responding quickly and appropriately when something goes wrong.
“… Slow responses create space to allow public fears to grow — particularly when questions arise about if and when an agency knew and why it didn’t tell anyone.”