In Privacy We Trust

By John Wagley

A data breach can badly bruise a company’s reputation. But when companies work hard to convince their customers that their private information is protected, it can be a boon to customer loyalty and a firm’s bottom line.

That is according to Larry Ponemon, CEO of the Ponemon Institute, which researches privacy management practices. The Institute, along with San Francisco-based TRUSTe, recently completed its annual Most Trusted Companies for Privacy Study.

The industry most trusted for privacy this year was healthcare. Retail banking climbed into fourth place, from seventh last year. Least trusted were the airline, food service, toy, and telecom industries.

The study notes that because it polls the public, consumer companies are more likely to appear in the rankings than business-to-business firms. The top-ranked company in 2007 was American Express; it was followed by Charles Schwab and then IBM. American Express also topped the list in 2006, followed by Amazon and then Procter & Gamble.

Ponemon says top-ranked American Express has done well in a number of key areas. One concerns customer service. He says that people surveyed feel comfortable that they can contact the company about an issue without feeling subjected to marketing. Many financial companies “cross sell” products this way, says Ponemon. “This tends to make people nervous from a privacy perspective.”

Another reason for American Express’ success is that its phone representatives have a solid understanding of company privacy policy. Ponemon says calling company representatives and asking them about such policies is part of the study. American Express representatives are particularly likely to give an accurate response to such questions.

Charles Schwab’s second place finish was up from twelfth last year, a jump most likely caused by the company’s exceptional job of communicating its privacy commitment, says Ponemon. Early last year, the company began marketing the message that it would guarantee 100 percent of any identity theft losses.

Schwab was one of the first financial companies to make such a promise, says Ponemon. Many firms have felt that discussing identity theft could make customers nervous, he says. But Schwab’s proactive approach appears to be paying off.

Consumers’ greatest privacy-related concern relates to identity theft. This is then followed, in descending order, by fears over stolen assets, spying activities, telemarketing abuse, and unwanted e-mail activity or spam.

A central tenet of privacy trust involves developing strong security procedures and then openly and consistently communicating them to customers, says Mike Spinney, the institute’s director of communications. “Companies need to interact with consumers so that [consumers] understand what’s being collected and how it’s going to be used. And companies need to stick to those rules.”

The training of employees also plays a big role, he says, especially for the workers who interact with consumers.

Companies would do well to explain to consumers how their identities are being protected, says Peter Swire, a law professor and privacy expert at Ohio State University. Any use of Social Security numbers that is not absolutely justifiable should worry consumers because that information can help thieves access other personal data and lead to identity theft.

Other articles in this month's Technofile:



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.