Top websites among the riskiest, Australian study shows

Some of Australia's most popular websites are also those that pose the greatest privacy threat, a new index created by University of Canberra cyber security experts has found.

In an Australian first, the University's Centre for Internet Safety has produced the 2013 Australian Online Privacy Index to rate the websites most visited by Australians.

While Australian-based sites rank among the best, the majority are not compliant with changes to the Privacy Act which comes into force in March 2014.

Nigel Phair, co-director of the Centre, said the list examined 76 of the most popular websites ranging from e-commerce and search engines to banking and mainstream media. The list excluded pornographic and torrent sites, as well as those capturing clicks from the sites on the list.

"We reviewed privacy policies along with the number and duration of tracking cookies. Government websites ranked the best, followed by those from the banking & finance sector. The worst was a US-based photo sharing website," Mr Phair said.

The Victorian Government led the list with the best privacy policy, while the worst privacy policy was held by the photo-sharing site www.imgur.com. Harveynorman.com.au had the highest number of tracking cookies among Australian websites.

The top sites with best privacy policies:

1. vic.gov.au
2. westpac.com.au
3. australiapost.com.au
4. jbhifi.com.au
5. suncorpbank.com.au
6. stgeorge.com.au
7. ebay.com.au
8. commbank.com.au

*nine websites tied for equal ninth place.

The 10 websites with the highest tracking cookie count:

1. imgur.com
2. dailymail.co.uk
3. harveynorman.com.au
4. cnet.com
5. guardian.co.uk
6. officeworks.com.au
7. news.com.au
8. realestate.com.au
9. ninemsn.com.au
10. ebay.com.au

Mr Phair said there were a few surprises along the way. "We were impressed, for example, that Virgin Australia explained how it would act in case of a data breach."

Co-director Alastair MacGibbon explained that to develop the index, the researchers looked at how websites collect, use, disclose, transfer and store customers' personally identifying information.

"Many are ignoring basic privacy principles. And most of the privacy policies we analysed were below the standard necessary to explain the way the service will handle personal information," Mr MacGibbon said.

He warned that the privacy regulatory environment is changing. On 12 March 2014, Australia will see a significant change in the way organisations are required to deal with sensitive private information collected in the course of their activities.

"This report demonstrates the majority of organisations are not ready for these regulatory changes," he said.

The new index will allow consumers and regulators to assess the privacy implications of interacting with popular websites. It will also allow businesses to compare themselves with peers in their own sector, as well as to know how their sector fares against others.