The Ponemon Institute and TRUSTe have just released their annual Most Trusted Companies for Privacy report. As part of this report, the groups asked consumers about the factors–positive and negative–that shaped their perceptions of companies’ privacy practices. (Full disclosure: I am a fellow of the Ponemon Institute.)
Bar Charts 3 and 4 in the Ponemon/TRUSTe survey are instructive. In Chart 3, we see that the strongest indicators for trust among consumers is reputation, respect for consumers, and product quality. This explains why certain information-intensive companies, such as Amazon.com and American Express, are routinely top-ranked for privacy trust. A smaller number of consumers is evaluating companies on actual privacy practices–limits on sharing of data, disclosures around policies, and the presence of third-party reputation seals.
Chart 4 shows what factors decrease privacy trust, and the most influential factor is a data security breach. “Irresponsible marketing” is next, which I assume means that one receives some type of advertising pitch from the company. Again, these constitute the information most available to consumers, and are not truly indicative of a company’s respect for consumer privacy.
Studies such as Ponemon’s help us understand why companies do not compete on policies that maximize privacy rights. One problem is that consumers don’t possess the best information to evaluate and compare companies’ practices. Privacy policies go unread, but even when read, they have other shortcomings. They can be beyond comprehension, contradictory, or simply vague about actual practices. As a result, other characteristics of a company are used as shorthand to assess “trust,” and this introduces unfairness and arbitrariness into the evaluation of a company on privacy.