Shortly after the Government's response to the Australian Law Reform Commission's Privacy Report. ACMA released its research report Attitudes towards use of personal information online.
Key findings include:
- There was an acceptance among research participants that using information and communication technologies means sharing personal information. The type of, and level to which, personal information is disclosed is seen to be within an individual’s control and a matter of personal choice.
- Users made informed decisions about the risks of disclosing personal information based on the context of their interactions, with two types of situations:
– transaction provision – disclosure of information necessary to obtain a good or service, e.g. internet banking, online shopping, eBay; and
– networking or social provision – where information disclosure is made within an online community to share or exchange opinions, beliefs and personal details, e.g. Facebook.
Respondents saw a distinction depending on nature of information users are providing. In the case of information provided in the course of transactions, a service provider such as a bank was expected to provide good security, whereas on social networking sites where the service provider is merely hosting the content, security breaches are accepted.
- Participants on the whole were generally well informed about both risks to their online privacy and strategies to protect their personal information. However, there was a widespread perception that breaches are inevitable, resulting in an accepting attitude towards their ability to fully protect their personal information online.
- Risks identified included identity theft, threat to personal safety, invasion of privacy, unwanted communications such as spam, financial loss, fraud and damage to reputation. Severity of these risks was assessed taking into account perceived likelihood of the information being misused and the severity of consequences.
Interestingly the Government's response to the Privacy Report only briefly dealt with the impact of technology on privacy: issues such as radio frequency identification (RFID), biometric systems and data matching will be left to guidelines, the internet was mentioned in passing and a recommendation about electronic health records was accepted in principle. Identity theft was only discussed in the context of credit.