CyberCX has released its annual Digital Forensics and Incident Response Year in Review Report for 2023 →

Privacy by Design

Observations in the Australian Market 2023

Analysis of 100+ top consumer brands operating in Australia and their performance against the seven globally recognised Privacy by Design principles.


Download report

Privacy by Design Observations in the Australian market 2023



Since the inception of the seven Privacy by Design principles in the 1990s, we have witnessed events that have been pivotal to changing the privacy risk landscape for organisations in Australia and globally. These shifts have ignited a cultural change in the expectations of consumers and citizens for organisations and governments to manage their data appropriately, protect their personal information and uphold their privacy rights.

This includes high-profile data breaches of Australians’ personal information by some of Australia’s most trusted brands, the increase of enforcement actions by privacy and competition regulators, and the COVID-19 pandemic, which has embedded technology in our lives and spurred innovation in data intensive technologies that leverage individuals’ personal information.

In Australia, these and other events have led to proposed changes to privacy law that will see the regime broaden in scope. For example, through expanding the definition of personal and sensitive information and reconsidering exemptions from the law, and introducing enhanced privacy rights for individuals, such as the right to erase their data and limitations on the use of targeted advertising, artificial intelligence and third-party data.

Globally, the International Standards Organisation’s adoption of the ISO 31700 on Privacy by Design signals how Privacy by Design is gaining traction worldwide. We have also seen regulators emphasize the value of Privacy by Design, with the Irish Data Protection Commission having imposed a fine of €265 million against a social network for a breach of the principles as they are embodied in the General Data Protection Regulation (GDPR). This indicates to us the global community’s growing expectations for their data to be protected against misuse or other privacy invasions.

Noting these events, it is time to reflect on our professional practices and consider the business and social imperatives to build not only privacy into the design of our technology, products and processes, but more broadly, data governance to effectively manage the data we hold.

Privacy and data governance approached in the right way can play an important role in driving better business performance, building consumer trust and attracting new opportunities. This is needed particularly as organisations’ data practices evolve, and privacy and associated data risks increase against a complex regulatory landscape.



Download the report


Assessing over 130 unique attributes, each aligned to one of the seven Privacy by Design principles, our Privacy Advisory team measured the publicly observable features of each brand’s web application including privacy attributes, and technical security capabilities that have positive and negative privacy impacts. Using a scoring methodology linked to the risk or benefit each attribute has on an individual, we’ve been able to determine how each of the industry sectors have performed in embedding Privacy by Design in their digital shopfronts – in particular, in contrast to how the industries performed in 2022.

Ready to get started?

Find out how CyberCX can help your organisation manage risk, respond to incidents and build cyber resilience.