A report from New York-based Jupiter Media Metrix Inc. suggests that while both businesses and consumers claim they want privacy protection, neither does a lot about it.
The report, authored by Jupiter Research analyst Rob Leathern, concluded that businesses don’t spend enough to ensure privacy and that consumers can be enticed to give away large amounts of personal data.
For example, Leathern found that:
Seventy percent of the more than 2,000 consumers surveyed said privacy was important to them, but only 40 percent read privacy statements.
Eighty-two percent of online customers would provide personal information in exchange for a US$100 sweepstakes entry.
Fifty-three percent of consumers use the same usernames and passwords on multiple sites. Leathern also criticized both business and consumers for their lack of attention to privacy policies.
Consumers tend not to read them, he said, and businesses tend to take wording drawn up by legal departments without getting input from IT, sales and marketing departments, so the policies don’t fit overall corporate strategies.
Leathern’s assertions have drawn criticism from both business and privacy advocates, however. Staples Inc., Amazon.com Inc. and America Online Inc. defended their privacy policies. Privacy advocates also took exception to some of Leathern’s conclusions.
“Most consumers don’t read online privacy statements because all experience has shown that consumers cannot trust online privacy statements,” said Jason Catlett, president of Green Brook, N.J.-based Junkbusters Corp.
The privacy advocates said companies would change their policies to suit their immediate needs. They said the public knows this, and the result is that privacy policies are meaningless. The advocates cited companies such as BestBuy.com Inc., Yahoo Inc. and Amazon.com, which have changed their privacy policies over time.
Although three companies didn’t agree with Hoofnagle and Catlett, they also disagreed with some of what Leathern wrote.
Representatives from AOL, Amazon.com and Staples said their companies are committed to protecting the privacy of their customers and that they spend a significant amount of money to ensure it.
If you look at the overall revenue a company makes from the sale of its products and services and then compare that to how much gets spent on privacy, it’s a very small percentage, Leathern said.
Andrew Weinstein, a spokesman for Dulles, Va.-based AOL, countered, however, that AOL has a team dedicated to privacy issues. Weinstein said he couldn’t go into the details for proprietary reasons, but he said the company is committed to protecting users’ privacy.
Patty Smith, a spokeswoman for Seattle-based Amazon.com, said the online retailer has a proven track record of telling consumers how it uses their information and how the Web site collects information using cookies.
Leathern’s conclusions found allies in Catlett and Hoofnagle, though, regarding the amount of information companies collect on their customers.
“The default business model so far has been, ‘Let’s collect extra information in case we can use it later,'” Leathern said. “I think that is going to be the wrong approach.”
Hoofnagle agreed, saying that by collecting more information than they need, companies create situations where abuses can occur.
Leathern said companies that want to leap ahead of their competitors should take privacy concerns more seriously. Those companies that do will distinguish themselves in the marketplace and build loyalty among customers that other companies won’t have, he said.
For more enterprise computing news, visit
Computerworld.com. Story copyright (c) 2002 Computerworld, Inc. All rights reserved.