Banks take prize in privacy complaints

Money-related concerns top the list of complaints made about breaches under the first 12 months of Australia’s Privacy Act.

Despite investing millions of dollars to make IT systems and procedures compliant with the Federal Privacy Act over the last two years banking, finance and investment companies and share registries are generating large volumes of complaints according to a new list obtained by Computerworld from the Office of the Federal Privacy Commissioner.

The list breaks down the number of complaints by industry sector, with “Finance / Invest / Share Reg’s / Pawnbrokers” the clear leader with 206 complaints or 21.02 per cent market share of a total 979 complaints.

Despite having the clear advantages of size and intrusive powers, the federal government managed to run only second, with 130 or 13.28 per cent of complaints. Telcos and ISPs follow closely in third on 116 or 11.85 per cent of accusatory fingers. The information covers the period from Dec. 21 2001 to Dec. 21 2002. However, the nature of the complaints and the names of individual enterprises or departments are not available.

The new information highlights that while privacy compliance and awareness may have been achieved within IT departments and systems, there is still a long way to go before enterprises develop the same corporate culture that is afforded to the issues of security or anti-competitive behaviour.

Steve Bittner, research director for e-government and security with analyst firm Gartner Inc., told Computerworld that organizations had to “create real cultural change” in regard to privacy, warning that independent audits (akin to those used to measure the effectiveness of security) are needed: “Organizations make their own reality, so you need an external reality check,” he said.

Such reality checks needn’t be boring either. Bittner cites the merits of Intel’s inculcated anti-trust compliance culture over that of Microsoft’s, as described in the Harvard Business Review: “They went into people’s offices (from the bottom to the top), took their computers and went through the files on them. Then they had a mock trial and made the person squirm. And then they did the same thing six months later and then again… and again. If you look at who has (had the worse antitrust) problems, it not Intel, it’s Microsoft” Bittner said.

Leif Gamertsfelder, head of e-security and privacy board member of Deacons law firm, believes the government is keeping its powder dry, but has no doubt that prosecutions under the Privacy Act will eventuate. “To date it’s been a deliberately light-touch effort. The Privacy Commissioner (Malcom Crompton) is looking for the optimal test case (to set a precedent). He’s waiting for the right set of facts to cross his desk.”

The Australian Banking Association did not respond to inquiries.