Why Privacy Is What It Is...

The Ponemon Institute and TRUSTe have just released their annual Most Trusted Companies for Privacy report. As part of this report, the groups asked consumers about the factors--positive and negative--that shaped their perceptions of companies' privacy practices. (Full disclosure: I am a fellow of the Ponemon Institute.)

Bar Charts 3 and 4 in the Ponemon/TRUSTe survey are instructive. In Chart 3, we see that the strongest indicators for trust among consumers is reputation, respect for consumers, and product quality. This explains why certain information-intensive companies, such as Amazon.com and American Express, are routinely top-ranked for privacy trust. A smaller number of consumers is evaluating companies on actual privacy practices--limits on sharing of data, disclosures around policies, and the presence of third-party reputation seals.

i-3e79ebf4a285379623797ebf003b47e5-trustgraphs.jpg

Chart 4 shows what factors decrease privacy trust, and the most influential factor is a data security breach. "Irresponsible marketing" is next, which I assume means that one receives some type of advertising pitch from the company. Again, these constitute the information most available to consumers, and are not truly indicative of a company's respect for consumer privacy.

Studies such as Ponemon's help us understand why companies do not compete on policies that maximize privacy rights. One problem is that consumers don't possess the best information to evaluate and compare companies' practices. Privacy policies go unread, but even when read, they have other shortcomings. They can be beyond comprehension, contradictory, or simply vague about actual practices. As a result, other characteristics of a company are used as shorthand to assess "trust," and this introduces unfairness and arbitrariness into the evaluation of a company on privacy.

More like this

In the second of three guest posts, lawyers Daniel Vorhaus and Lawrence Moore of the superb blog Genomics Law Report discuss the implications for personal genomics customers if their provider goes bankrupt. In part one of the series (posted yesterday), Vorhaus and Moore dissected the implications…
In this series of three guest posts, lawyers Daniel Vorhaus and Lawrence Moore of the excellent Genomics Law Report provide insight into the intriguing question of what happens to customers' genetic data in the event that a personal genomics company goes out of business. Part II and III of this…
In this final post of their three-part series, lawyers Daniel Vorhaus and Lawrence Moore of the superb blog Genomics Law Report analyse the legal repercussions of a personal genomics company going bankrupt. In part one of the series Vorhaus and Moore analysed the privacy policies of two…
I'm very proud of the Know Privacy team, a group of three students who performed a broad analysis of online privacy issues for their master's project at UC Berkeley's School of Information. The study is featured today on the New York Times Bits blog. Several findings are notable: They found: "From…

Full disclosure: I am a fellow of the Ponemon Institute.

Full disclosure? Partial at best (we know of that one aspect).

People trust gmail and googledocs (but google-search itself is a loudmouthed tattletale).

Why do they trust them so much? My opinion -- I suspect that their "data handling" is quite careful (vs. sloppily manipulated for crass purposes) and that they are very proactive against attack based exposure. I could be proved wrong very soon, but so far, the amount of trust they've engendered is admirable.

Gotta catch'em all! Ponemon!

This is all well and good. However, it would be much more of a service to the public to present a list of the least trustworthy companies, both in terms of public perception and tested reliability.

Example: What has the association of AT&T and Verizon with Bush's warrantless wiretapping done to the public view of their respect for privacy rights?

I hope that people take a look at the companies called out as privacy trustworthy. Many are commercial entities and financial institutions that share/sell/use client data freely with the data brokerages. Countrywide is ahead of Google in the list. HP, the company that engaged in snooping on their own executives and the press, using questionable activities are number 1.

Really.

This kind of stuff is marketing drivel that equates consumer perceptions (due to expensive/effective marketing) to trustworthiness.

@Ted, I'm trying to state that problem, but not so bluntly. There is a huge gulf between consumer perception and actual practices out there.

On disclosure--I didn't work on this report. But my other work at UC-Berkeley is focusing on how both consumers and businesses make decisions on privacy.

I didn't mean to be critical of you; the point you highlight is valid, but the issue of privacy is prone to warm-fuzziness generated by planned marketing campaigns.

Looking at the charts above, it's not hard to figure out that individual privacy management is NOT a thing best left to the marketplace.

While many people fixate on the Constitution and the amendments, perhaps they should be worried about 1) the corporate influence on government policy and governance and 2) instead of being anal-retentive about the 2nd amendment, a condition whose time has come and gone (and is fun to argue about), to being anal about new social pressures generated by marketplace manipulations.