In comments to mark Australian Privacy Awareness Week which runs from 12 to 18 May, Perry said the observance of the week served to remind people that organisations which lack ways to protect data from unauthorised sharing, data breaches and misuse stand to lose this trust. That, he added, would translate into lost business.
The Privacy Awareness Week is an initiative of the Office of the Australian Information Commissioner.
"To thrive in this increasingly complex landscape, organisations must carefully control which customer data attributes are accessible to applications. They must ensure that apps only have access to the attributes they need and, particularly for partner applications, that customers have consented to sharing data," Perry said.
"At the same time, centralised privacy management capabilities enable compliance with a growing number of dynamic privacy regulations. With centralised policies, businesses can confidently control how and where data is used.
"Without them, it’s risky to embark on new initiatives to improve customer experience, and you risk tight restrictions from security, legal and compliance teams. Those are steep sacrifices in today’s multi-channel marketplace, where competitive advantage lies in personalisation."
Joanne Wong, senior regional marketing director for security intelligence firm LogRhythm in the Asia-Pacific, said the week served to remind both consumers and employees that they should have good privacy and personal data protection practices.
"At work, you can adopt basic data protection practices for daily operational activities. It could be as simple as checking your emails to ensure there is no unnecessary personal data contained within before sending out," she said.
"Another step is to practise password hygiene, which could be as simple as using different passwords across applications or multifactor authentication and changing passwords often. Akin to security locks for physical security, passwords have long been a standard means of protecting information, most importantly for information both offline or online.
"We use it to lock our mobile devices, protect our online banking information and for businesses, protecting their network from unauthorised access.
"At the same time, as bad actors become more persistent and increasingly sophisticated in their methods of gaining access to our critical digital assets and information, chief security information officers have an ongoing responsibility to emphasise the importance of password hygiene.
"Indeed, companies need to put privacy at the heart of all new applications and processes. Privacy by design will need to be part of the organisation’s mind-set, not just an afterthought. This is really a principle that businesses need to be thinking about now, not later."
Phil Kernick, co-founder and chief technology officer of cyber security specialist CQR Consulting, said: "In 2010, Facebook publicly said that the age of privacy is over. Today, they are saying that the future is private.
"But what they aren’t acknowledging is that your private information is still yours, not theirs, even if you choose to share it on their platform.
"Personal information is the currency of social media. You need to protect it the same way you protect your wallet, and choose where to spend it wisely."
The Australian National Privacy Week provided a timely reminder to create or review privacy and security policies and ensure that staff training was part of any policy, according to Mark Sinclair, ANZ country manager of global network security vendor WatchGuard Technologies.
"Educating users is often the most overlooked area of security and the public mandatory data breach legislation reports show that user error is quite often a cause of a privacy or data breach," he said.
"Robust security technology is vital, but ensuring users are aware of policies, understanding how their privacy can be compromised, and the role they should take to keep data safe should be the first and last line of defence for every organisation."
Michael Warnock, Australia country manager of security solutions firm Aura Information Security, said: "When you look back over the past five years, adoption of new technologies like mobile and cloud have completely transformed many industries for both consumers and businesses. All have come to expect access to services from consumers wherever they happen to be and at whatever time they need."
He said at the same time, cyber-attacks demonstrated the vulnerable, expanded attack surface associated with greater cloud adoption.
"As organisations work to secure their applications and other sensitive assets in the cloud as part of their digital transformation strategies, these attacks demonstrate the need to quickly implement consistent security controls across cloud and on-premises environments to protect user privacy.
"After all, most people fail to only really care about cyber security until they are a victim of an attack. Cyber education in the workforce and awareness for individuals to manage their own privacy is not something people should do every 12 months with a few questions, it needs to be continuously reinforced and customised to front and centre of an organisation’s employee base."
Petr Adamek, chief executive of the Canberra Innovation Network, an ACT Government initiative to accelerate innovation and diversify the economy, said people wanted reassurance that their data was safe and secure.
"The best tech start-ups focus not only on attracting new customers and building amazing technology, but also on building trust of their customers," he said.
"Being serious about privacy and data protection and demonstrating it is a key ingredient in building such trust and setting your startup for success.
Budd Ilic, ANZ country manager of cloud security provider Zscaler, said the week provided an opportunity for Australian businesses to review the introduction of greater data cyber security hygiene into their enterprises.
"Organisations today need to take a more proactive approach to protecting and managing their customer data. At the same time, companies need to ensure they have insight into the various data pools, often kept in different departments within an organisation and identify whether permission to use personally identifiable information has been obtained," he said.
"Furthermore, in recent years, companies have had to put technology in place that helps them control and protect digital assets, and reconcile the disjointed conversations between departments to produce the shared insight necessary to update an organisation’s security posture.
"Processes should really now be in place to manage the data more effectively as companies have gained a better understanding of where they store PII and who has access to this, a necessity to be able to comply with the reporting requirements in case of data loss and to support robust customer privacy."
Albert Kuo, vice-president Asia Pacific for enterprise technology company ExtraHop, said: "Today, both business and consumer IT users experience encryption on a daily basis by way of the browsers and applications we use.
"Application providers have invested heavily in elevating privacy and protecting sensitive data through encryption policies and technology, yet personal information is still often leaked largely because of unintentional human error, the weakest link in any defence."
Kuo said if attackers obtained user credentials, then encryption was of no use.
"For this reason, no organisation is free from the risk of a breach. As a result, organisations should protect their IT users’ privacy with comprehensive network visibility and automation that speeds up the investigation process," he said.
"After all, the faster you can locate an attack source and mitigate the damage, the sooner it’s stopped, and the less damage done to users and the and the organisation's reputation."