I Spy: What big business wants to know about you

From Telstra and Optus to Qantas, Myer and the big banks, here's what Australia's big corporates routinely record about the personal lives of customers.

Help us add to this list. Share this article, and let us know in the comments below, on Twitter or on Facebook about any odd points of data that Australian companies gather about their consumers.


The introduction of Australia’s new strengthened Privacy Act was planned well over a year ago. But now -- as if by fate -- the new laws are being introduced just 24 hours after Telstra was fined a paltry $10,200 for mishandling and openly publishing up private information on up to 15,000 of its customers.

Under the new laws, Telstra could potentially be dealt civil penalties up to $1.7 million for such an offence. Of course, the telco’s hardly alone in tracking details personal details about its clients.

Putting the basics aside -- like your name, email, date of birth and possibly address -- here’s a quick list of some of the quirkier points of data that our major companies gather, and information on whether or not they offer it to third-parties or send it overseas.

By now, we all know that some also use computer tracking programs known as ‘cookies’ to keep an eye on your web browsing habits. But that’s not all. Some firms take a lot more information, and actually glean data that wouldn’t expect them to.  

By law, companies are forced to disclose what information they gather about their customers. They’re also forced to reveal how they gather it. This being said, not policies are crystal clear. Many use broad terms like ‘information that we deem necessary to record’ to legally cover off on what they’re gathering without actually telling you exactly what they’re tracking.

Hardly any of us trawl through each company’s extensive privacy policy to see what they actually record. So to mark the introduction of the revitalised Privacy Act, and explain the need for it, we did just that.


Commonwealth Bank (Privacy statement)

CBA says it collects location data from consumers when they use the bank’s apps and mobile tools and health information, which the bank says is for insurance purposes. The bank also states that it not only collects information from you, but also uses public registers, social media and information made available by third parties to fill in their registers.

  • Discloses some information to third-parties: Yes
  • Sends information overseas: Yes

National Australia Bank (Privacy statement)

The bank says is collects both health information and also additional contact information, including its customers social media handles and account names.

  • Discloses some information to third parties: Yes
  • Sends information overseas: Yes

Westpac (Privacy statement)

As with the other big four banks (including ANZ), Westpac collects health information with customer permission for insurance purposes.

  • Discloses some information to third parties: Yes
  • Sends information overseas: Yes

Myer (Privacy statement)

Myer says it collects its customer’s health information where it deems it “reasonably necessary for our functions or activities and either you have consented, or we are required or authorised by law to do so”. Again, it says this this is largely for insurance products it offers.

  • Discloses some information to third parties: Yes
  • Sends information overseas: Yes

David Jones (Privacy statement)

David Jones says it may collect your past purchase data in great detail, including your “shopping history, product types, departments, specifications, sizes, dimensions, colours, occasion date, or other attributes of products and services”.

  • Discloses some information to third parties: Yes
  • Sends information overseas: Yes

Target Australia (Privacy statement)

Target says it collects information on its customers’ relationship status, and uses social media platforms and other open web databases to do so.

  • Discloses some information to third parties: Yes
  • Sends information overseas: Yes

Telstra (Privacy statement)

In additional to all the normal criteria for information collection, Telstra stores your driver’s licence number and also information about your occupation. Telstra will also collect health information, for the sake of providing “priority assistance” to particular in-need customers. The telco also collects Centrelink identification numbers to process pensioner discounts.  

  • Discloses some information to third parties: Yes
  • Sends information overseas: Yes

Optus (Privacy statement)

Optus says is collects information on your location (using mobile GPS data), occupation, interests and financial information.

  • Discloses some information to third parties: Yes
  • Sends information overseas: Yes

Vodafone (Privacy statement)

Vodafone also collects “driver’s licence number (or other approved government ID)” for the sake of verifying the identity of its customers. Vodafone also records information about customers “lifestyle activities” and also information on the websites you visit and the web searches you perform.

  • Discloses some information to third parties: Yes
  • Sends information overseas: Yes

Coles (Privacy statement)

Coles says it keeps “household details” of its customers, as well as their “payment and transaction details/history”.  It also tracks its customers’ “preferences, interests and behaviour” in relation to its products and services.

  • Discloses some information to third parties: Yes
  • Sends information overseas: Yes

Woolworths (Privacy statement)

Woolworths collects information on its customer’s engagement in particular promotions and offers. It also says it records health information when dealing with “public liability” issues with customers. The statement also says that it’s happy for customers to use a pseudonym and not give their real name where plausible.

  • Discloses some information to third parties: Yes
  • Sends information overseas: Yes

Qantas (Privacy statement)

Qantas collects its customers’ dietary requirements and information regarding their health conditions, along with information on where they are travelling.

  • Discloses some information to third parties: Yes
  • Sends information overseas: Yes

Virgin Australia (Privacy statement)

Virgin Australia also stores dietary and health condition information. The company also tracks your “sporting and lifestyle interests”.

  • Discloses some information to third parties: Yes
  • Sends information overseas: Yes

So, do they sell this information or ship it overseas?

This is where all of the above companies’ privacy statements get pretty murky. None of them say that they “sell” consumers’ information, but all of them indicate that they do pass it to “third-parties” for largely product improvement of marketing purposes. Whether money is changing hands for this privilege isn’t mentioned at all.

The new amendments to the Privacy Act also force companies to state whether or not they are sending data overseas, and also indicate where exactly they are sending their data. All the companies above mentioned that they send data overseas, attributing the behaviour to the sharing of information with overseas subsidiaries. All of the documents state that measures are taken to protect this data, but few actually say what these measures are.

In a nutshell, all of these privacy statements say a lot, without actually telling consumers very much at all.

READ MORE: Privacy Act revisions: Little bark, no bite

Help us add to this list. Share this article, and let us know in the comments below, on Twitter or on Facebook about any odd points of data that Australian companies gather about their consumers.

Got a question? Ask the reporter @HarrisonPolites on Twitter or in the comments below. 

Related Articles