Top websites among the riskiest, Australian study shows

Dec 23, 2013 by Claudia Doman
Top websites among the riskiest
University of Canberra cyber experts have created Australia's first online privacy index that rates how compliant websites are of privacy policies. Credit: Michelle McAulay.

Some of Australia's most popular websites are also those that pose the greatest privacy threat, a new index created by University of Canberra cyber security experts has found.

In an Australian first, the University's Centre for Internet Safety has produced the 2013 Australian Online Privacy Index to rate the websites most visited by Australians.

While Australian-based sites rank among the best, the majority are not compliant with changes to the Privacy Act which comes into force in March 2014.

Nigel Phair, co-director of the Centre, said the list examined 76 of the most popular websites ranging from e-commerce and search engines to banking and . The list excluded pornographic and torrent sites, as well as those capturing clicks from the sites on the list.

"We reviewed privacy policies along with the number and duration of tracking cookies. Government websites ranked the best, followed by those from the banking & finance sector. The worst was a US-based photo sharing ," Mr Phair said.

The Victorian Government led the list with the best , while the worst privacy policy was held by the photo-sharing site www.imgur.com. Harveynorman.com.au had the highest number of tracking cookies among Australian websites.

The top sites with best privacy policies:

  1. vic.gov.au
  2. westpac.com.au
  3. australiapost.com.au
  4. jbhifi.com.au
  5. suncorpbank.com.au
  6. stgeorge.com.au
  7. ebay.com.au
  8. commbank.com.au

*nine websites tied for equal ninth place.

The 10 websites with the highest tracking cookie count:

  1. imgur.com
  2. dailymail.co.uk
  3. harveynorman.com.au
  4. cnet.com
  5. guardian.co.uk
  6. officeworks.com.au
  7. news.com.au
  8. realestate.com.au
  9. ninemsn.com.au
  10. ebay.com.au

Mr Phair said there were a few surprises along the way. "We were impressed, for example, that Virgin Australia explained how it would act in case of a data breach."

Co-director Alastair MacGibbon explained that to develop the index, the researchers looked at how websites collect, use, disclose, transfer and store customers' personally identifying information.

"Many are ignoring basic privacy principles. And most of the privacy policies we analysed were below the standard necessary to explain the way the service will handle personal information," Mr MacGibbon said.

He warned that the privacy regulatory environment is changing. On 12 March 2014, Australia will see a significant change in the way organisations are required to deal with sensitive private information collected in the course of their activities.

"This report demonstrates the majority of organisations are not ready for these regulatory changes," he said.

The new index will allow consumers and regulators to assess the implications of interacting with popular websites. It will also allow businesses to compare themselves with peers in their own sector, as well as to know how their sector fares against others.

Explore further: Fifth of websites 'lack privacy protection info'

More information: Read the report: www.canberra.edu.au/cis/storage/AOPI_FINAL.pdf

add to favorites email to friend print save as pdf

Related Stories

Websites fail to protect personal data, researchers contend

Oct 12, 2011

By signing in to many of the Web's most popular sites, consumers send their names, email addresses or other personal information to other websites and data-collection companies, according to a Stanford University study that ...

Recommended for you

US warns retailers on data-stealing malware

16 hours ago

US government cybersecurity watchdogs warned retailers Thursday about malware being circulated that allows hackers to get into computer networks and steal customer data.

Irish bookmaker apologizes for 2010 data breach

16 hours ago

(AP)—Irish betting company Paddy Power announced Thursday it is notifying hundreds of thousands of customers that most of their profile information was stolen in 2010, but hackers did not gain their credit card details ...

User comments : 0