  |
 |
|
Research and retrieval of news articles by: SPECIAL NOTE TO ALL VISITORS: | ||
 |
|
TOP 5 PRIVACY ISSUES FOR 2005Source: ComputerWorldPosted on December 29, 2004 During the past year, Ponemon Institute has surveyed thousands of individuals on a variety of issues affecting their privacy, from a universal credentialing system to Internet ads that use personal information to target prospective customers. Emerging trends from our research suggest that individuals view their right to privacy as increasingly important and worry about how organizations collect, use and share their personal information. Other concerns include cybercrime, abusive marketing and loss of civil liberties. Despite privacy concerns, however, the vast majority of people we contacted are willing each day to take significant information-sharing risks for small benefit. These actions include downloading free software, obtaining free Internet services or receiving an e-product coupon. Our studies also show that the U.S. public will often choose convenience over privacy. For example, our 2004 Privacy Trust Study of the U.S. Airline Industry found that a majority of consumers were willing to share enormous amounts of personal information with an airline and the federal government if this allowed them to get through airport security checkpoints faster. Based on what we learned from consumers this year, here are what we believe will be the top five privacy and IT ethics issues in 2005: 1 - Identity Management: Balancing privacy and securityIdentity is the key to protecting personal information and privacy rights. The rash of identity theft incidents and growing sophistication of cybercriminals creates the need for a nearly perfect universal ID credential. We realize that such a system can raise Big Brother concerns - especially if there is a lack of oversight. However, we believe this credential will become an essential tool for gaining access to private records and public places. Findings from the Ponemon Institute 2004 Survey on the Public's Perception of Identity Managemen support the use of biometrics for identity management. More than 70% of respondents said they could accept certain kinds of biometrics, such as a voice recognition or fingerprinting system. The No. 1 reason is convenience. More than 88% of respondents believe biometrics will make identification more convenient and accurate. Among those opposed to biometrics (11%), most appear concerned about secondary or alternative uses of this data. The study also supports the creation of a universal verification credential, but only if managed by a trusted organization. More than 74% of respondents believe that one universal ID would make it much more convenient to establish their identity with different organizations without having to remember different passwords, personal identification numbers or access procedures. The U.S. Postal Service and retail banks emerged as the two most trusted types of organizations to manage such a system. While consumers may be willing to divulge sensitive personal information to establish and maintain business relationships, they clearly value protection of their personal information. 84% want to be notified if there has been unauthorized access to their data. The challenge is for organizations to strike a balance between respecting people's rights to access their records while protecting them from unwelcome trespasses. 2 - Phishing and SpoofingAccording to the Ponemon Institute 2004 Study on Spoofing and Phishing counterfeit or fraudulent e-mails and Web sites are costly, and most of the monetary damage is being absorbed by banks and credit card companies. Slightly more than 2% of the 1,335 people responding to our Web-based survey reported an average monetary loss of $115. Extrapolating that to the entire U.S. population, we project a monetary loss of phishing fraud at more than $480 million. Our advice for 2005 is for companies to be proactive in helping to stop the phisherman's hook. For example, use technologies that crawl the Internet and identify domains and Web sites that contain your intellectual property. Many major brands have been targeted by cybercriminals. Unless you authenticate all the Web sites and domains that feature your brand, your customers are at risk. Educate your customers about the dangers of phishing, spoofing and faked e-mails. For example, eBay Inc. alerts customers on its Web site to spoofed messages. In turn, make sure your employees - especially those in call centers and customer-service functions - understand the seriousness of the problem and can respond when customers contact your organization for help. We believe new technologies will increasingly be used to allow e-mail messages to be registered with a trusted identity and prevent counterfeit Web sites. The concept is similar to watermarks that discourage the printing of counterfeit money. 3 - Internet AdvertisingConsumers prefer targeted advertising but want privacy, too. The 2004 Survey on Internet Ads found that consumers prefer banner ads that are relevant to their needs and interests by a 2-to-1 margin over those that aren't relevant, with 52% of respondents saying they would be more likely to click on targeted ads than on others. The survey also found that consumers want stronger privacy measures if they provide information that will enable more relevant ads. Although 45% of respondents said they would be willing to provide additional personal information if it meant they would receive more ads targeted to their individual interests, 55% showed a preference for technology that allows targeted ads without collecting personal information. Moreover, 69% favor the use of privacy-enabling technology to prevent misuse of sensitive personal data, rather than third-party verification of good privacy practices. 4 - When You Fly, Privacy Takes a Back Seat to SecurityMore than 82% of respondents to the 2004 Privacy Trust Survey for the Airline Industry said that privacy is important or very important to them. However, they are much more concerned about their safety and security than about sharing of personal information with the government. In addition, 80% of respondents would provide personal information as requested by the government without asking any questions. Only 3% would refuse to provide information to the government. More than 50% of respondents don't feel the need to provide consent to an airline in advance of the airline sharing their personal information with the government. Consumers also don't want added protections that could create longer waits or additional screening procedures at airport checkpoints. Sixty percent said they don't want any additional wait time or no more than five minutes of additional wait time when traveling, even if this improved security. Understandably, protection from terrorism is of great concern. However, airlines shouldn't ignore the importance of privacy to passengers. According to our study, one or two notices from an airline that a privacy breach occurred would cause 80% of our respondents to switch to another carrier. While many admit to not knowing an airline's privacy policy, 82% would appreciate a personalized letter explaining what the company does with the personal information it collects. And the best time to communicate with passengers is when they first establish a relationship with the airline. Finally, airlines should scrutinize their e-mail marketing efforts. Almost half (49%) said the e-mails they received from airlines almost never contain information they want to receive, and 22% said the e-mails are only occasionally useful. 5 - Consumer Trust Has a Dollar ValueDuring the past three years, Ponemon Institute's Privacy Trust Survey Series has probed the question, Does customer trust translate to an improved bottom line? Our 11 Privacy Trust surveys in 2003 and 2004 measured consumers' trust and confidence in how companies collect, use, share and store personal information. The surveys also ask about willingness to share personal information for secondary uses, such as marketing and promotion. We refer to this as the participation rate. We then examined companies listed as most trusted (the top quartile) and companies listed as least trusted (the bottom quartile) in our 2004 Most Trusted Companies Survey. Based on this data, we were able to determine information-sharing rates for both top- and bottom-performing companies. The participation rate is defined as the percentage of people who have agreed to directly (opt-in) or indirectly (didn't opt out) allow additional contact. Companies with privacy trust scores in the first quartile earned a 62.9% participation rate in 2003 as opposed to a 51.3% participation rate for companies in the bottom quartile. Also, the participation rate appears to increase slightly between 2003 and 2004 for top performers (+0.9%). In contrast, bottom performers show a decline in participation rates (-0.7%). For Study 1, the net change in participation rates for top-performing companies averaged 1.3%. So, between 2003 and 2004, more consumers gave their permission to be contacted by those most-trusted companies. In contrast, companies least trusted for privacy in Study 1 averaged -2.1% net change in participation. This suggests that consumers actually withdrew their support for companies with poor privacy performance between 2003 and 2004. Studies 2 through 5 show the same general pattern. Based on a very conservative estimate for converting targets into new customers (a conversion rate of 2.3%) and lifetime value of new customers ($546 based on research in retail banking), the difference between top- and bottom-performing companies would amount to more than $82 million. Earning a customer's trust and confidence through better privacy practices may be a necessary prerequisite to achieving a long-term and more profitable customer relationship. Given consumer expectation, investing in good privacy and data protection practices could be the best New Year's resolution an organization could make for 2005.
E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes. |
|
ALERT  WebTrust Is Your Best Defense Against Privacy Breaches. Get WebTrust Working For Your Site. |