Only one in 30 Australian enterprises comply wtih new privacy laws that come into effect in December, according to research by Deloitte Touche Tohmatsu.
The company's intellectual property and privacy national director, Ulysses Chioatto said Australian companies are increasing CRM expenditure but paying little attention to effective data privacy management (DPM).
Chioatto said only 19 per cent of Australian organisations have a dedicated database management mechanism.
"There are no dedicated resources to DPM which is an important issue; companies need to be aware that effective CRM is relevant to good privacy," he said.
"Good data management translates into huge savings; our research shows for every $1 spent there is a $10 return on investment."
Speaking at an e-privacy roundtable organised by Tivoli Systems, Chioatto said 89 per cent of spam, junk mail and telemarketing is wasted as a result of poor DPM.
Bernard Hill, privacy barrister and senior manager of corporate consultancy 90East, said there are plenty of challenges for business before full compliance with the Privacy Amendment (Private Sector) Act.
Hill said companies must demonstrate how they will handle, store and maintain customer information to ensure it is accurate and individuals have access to any information kept about them.
Under the act a company must repond to requests by individuals to view information held about them within 14 days and provide the information within 30 days.
Customers can then update or correct any misleading information held on a database.
"It is a labour intensive process for companies to administer and will also involve a great deal of staff training," Hill said.
Jurisdiction for the new act comes under the Federal Magistrates Court.