What Are Businesses Doing With Your Personal Data?

Some 72 percent of the businesses evaluated by a Boston-based research firm scored poorly on their policies for re-using their customers’ personal data for marketing purposes, but the researchers maintain that more companies are sensitive to privacy issues than ever before and are acting on that awareness.

Other findings in the report prepared by The Customer Respect Group (CRG), an international research and consulting firm that has developed indices to measure customer respect and privacy, included:

• Only 23 percent of companies had policies that were considered “good” for allowing users to destroy their own information stored on corporate databases;
• Only 42 percent scored “good” for their policies towards sharing of collected personal data; and
• Some 64 percent of companies now have privacy policies that scored “good” on clarity and are written for the customer.

According to a copy of the report obtained by the E-Commerce Times, the travel and airlines industry ranked highest on CRG’s privacy index, with a 7.4 out of a maximum of 10, while the pharmaceutical and health care industries were bottom crawlers at 5.4.

Typically, larger companies outperformed smaller companies in every industry, the report said.

Top 10 Companies

Among the top 10 companies cited in the report as most respectful of their online customers’ privacy was Verizon Wireless. “We carefully guard customer information,” spokesperson Tom Pica told the E-Commerce Times. “As a company, we’re at the forefront of defending customer privacy.”

He disclosed that the company’s internal systems use masking and encryption to ensure that only employees with a “need to know” can see sensitive customer data.

“We also never store unnecessary customer information,” he said.

He also noted that the company was “the first and largest wireless carrier to reject the wireless phone directory that’s being promoted by others in the industry.”

Other companies in the top 10 were Intel, Expedia, E-Loan, Estee Lauder, Marriott International, Con-Way Transportation Services, International Business, Medco Health Solutions and Orbitz.

Major Obstacle to Web Adoption

“Privacy concerns are one of the major obstacles for the next level of adoption of the Web by the online customer,” CRG President Terry Golesworthy said in a statement.

“It is vital to identify actual practices and trends so that pressure can be put on organizations that fall short of the expected and actual norms,” he maintained. “We believe this report will help companies make changes before privacy concerns affect their corporate reputations and brands.”

The report is based on information about 464 major corporate Web sites gathered during the first six months of this year . Researchers evaluated the sites using 21 factors. They included:

• Do companies use personal data for marketing without permission?
• How can users control use of their data for marketing?
• How clear is the explanation of e-mail marketing opt-out?
• Do companies share personal data? If so, with whom?
• How prominent is the link to the privacy policy?
• Is the privacy policy easy to understand?
• How well do companies explain their use of cookies?
• How well do companies explain cookie disabling?
• How much personal data is mandatory in online forms?
• Do companies provide secure forms?
• Does the Privacy Policy explain how users can request that their data be destroyed?

“Even though our analysis of the 21 privacy attributes clearly demonstrates that most companies need to improve their privacy principles,” the report said, “we speculated that, in time, more and more companies would adopt all our privacy recommendations. It is encouraging that every industry has at least one example of a company who demonstrate respectful privacy principles.”

“The general trend is that companies are performing better,” it added.

Not Performing Well Enough

Even if companies are performing better than in the past, they’re still not performing well enough, according to Kevin Bankston, an attorney for the Electronic Frontier Foundation in San Francisco.

“Cookies are still there and proliferating,” he told the E-Commerce Times. “Privacy policies are still obtuse and generally drafted to promise nothing.”

Internet companies are more aware of the security issues because of the publicizing of security breaches and class action lawsuits resulting from some of them so they have incentives to improve their security, he said.

“But,” he interjected, “in terms of improving their practices insofar as how much information they collect from their users and what they use it for and who they share it with, I haven’t seen any kind of real improvement in the industry. If anything, I’ve seen privacy policies become even more artful in keeping vague what they’re actually doing.”