Interview with Larry Ponemon
February 2006
Interviewee: Larry Ponemon,
Interviewer: Terry McQuay, President of Nymity
Subject: 2006 Canada 's Most Trusted Companies for
Privacy Study.
A privacy study conducted by Ponemon Institute and
sponsored by Carlson Marketing Group.
February 6, 2006
Nymity: Larry, what were the top privacy concerns
of Canadians?
Ponemon: By far the biggest is concern
is about identity theft. The percentage of Canadians worried
about having their identity stolen increased 8% to 54% of
all respondents. Canadians seem to fret about telemarketers
as well. Concerns about unwanted telemarketers increased 4%
to 45%. The third biggest concern is stolen assets, which
actually decreased by 1% from our previous study to 35%. On
the other hand, concerns about spam or unwanted e-mail activity
have decreased by 5% to 32%. There seems to be little change
in concerns about stalking or spying activities (a decrease
of 1% to 35%), government surveillance increased 1% to 21%,
public embarrassment decreased by 1% to 24% and unwanted junk
mail decreased 1% to 22%.
Nymity: How important is privacy to Canadians?
Ponemon: More than 80% of Canadians
responding to our study consider privacy to be very important
(27%) or important (53%). In our last study, 22% considered
their privacy to be very important and 57% believed it to
be important. So there was a 5% increase in respondents who
believe it is very important. I believe that Canadians want
to be assured that the privacy of their personal information
is protected in order to prevent them from becoming a victim
of identity theft and stolen assets.
Nymity: How does privacy impact Canadian's trust in
an organization?
Ponemon: Previous studies conducted
by Ponemon Institute indicate that when consumers believe
an organization respects the privacy of their personal information
their trust in that organization increases. Specifically,
in our 2005 Online Consumers Permission Study it was found
that both Canadian and U.S. consumers are willing to share
more personal information with companies when they have a
trusted relationship. As a direct result, the more informed
a company is about the purchasing habits and preferences of
its customers, the more likely it is to increase sales and
revenues.
Nymity: This study was able to create a Privacy Trust
Rating. What is the Privacy Trust Rating and what factors
were most important?
Ponemon: Respondents were asked to
list the companies in 20 industry sectors they consider most
trustworthy when it comes to safeguarding their personal information.
These sectors included computer technology, financial services,
retail, hospitality, airlines and pharmaceutical and others.
The aggregated list contained 127 different corporate or
brand names compiled from more than 3,096 individuated company
ratings. Of the 127 companies, 43 were Canadian. We then looked
at companies with 10 or more positive rates from our respondents.
Companies with less than 10 positive ratings were excluded
from further analysis.
A combined rating system composed of the following three
ranking procedures was used to determine the overall rank
of a given company.
- R1 : The rank order of a given company based
on the net positive responses. While this metric is unambiguous,
it is biased. Larger companies or those with a bigger
brand name would be more likely to earn a higher net response.
- R2 : The rank order of a given company based
on the percentage of “first place” ratings. This is an
unbiased metric because the percentage is not associated
with the size of a company.
- R3 : The rank order of a given company based
on the ratio of positive to negative ratings. Unlike R1
, This metric is biased to smaller companies because
they are more likely to have no (zero) negative ratings
(as opposed to companies with larger market penetration).
Because the focus of this work is the group of companies
“most trusted” for privacy, all aggregated negative or “least
trusted” ratings were excluded from further analysis after
compiling the master list of 127 companies.
The factors that are most important include: overall
reputation of the company for product or service quality,
the company's limits over the collection, use and sharing
of personal information, the quality of advertisements and
solicitations that are respectful of my privacy requirements
or rights and the sense of security protections when providing
my personal information, such as passwords and other ways
to identify me. Less important is media or press coverage
about the company's privacy and data protection practices.
Nymity: What industry had the highest Privacy Trust
Rating and how did they compare with the last study?
| Rank order by industry |
Current
Study |
Last
Study |
Rank order by industry |
Current
Study |
Last
Study |
| Computer technology |
1 |
1 |
Insurance |
11 |
16 |
| Financial Services |
2 |
2 |
Web-based businesses |
12 |
10 |
| Telecom |
3 |
3 |
Retail |
13 |
15 |
| Consumer |
4 |
6 |
Non-profit |
14 |
12 |
| Auto & transportation |
5 |
7 |
Health & beauty |
15 |
13 |
| Package & delivery |
6 |
11 |
Entertainment |
16 |
14 |
| Conglomerate |
7 |
4 |
Hospitality & leisure |
17 |
17 |
| Phram (incl. retail) |
8 |
8 |
Airlines |
18 |
19 |
| Credit card |
9 |
5 |
Food services |
19 |
N/A |
| Internet Service Provider |
10 |
9 |
Cable & communications |
20 |
19 |
Nymity: What privacy definitions were the survey participants
asked to apply, when ranking Companies?
Ponemon: We asked respondents to refer
to the following definitions of personal information and privacy
trust:
Personal information is considered information about yourself
and your family. This information includes name, address,
telephone numbers, e-mail address, other personal identification
numbers, access codes, age, gender, income and tax information,
shopping information, account activity and many other pieces
of information about individuals. Privacy trust is the belief
that the company is honoring its privacy commitments to you
and keeping your personal information safe and secure. This
includes its commitment not to share your personal information
unless there is a just cause or you have given your consent.
Nymity: What were the survey instructions and guidelines?
Ponemon: We asked participants to list
one to five companies in various industry sectors that they
believed to be the most trustworthy for honoring their privacy
commitments. Based on their responses, we compiled a list
of the most trusted companies for privacy.
Question: Which are the most trusted companies for
privacy in Canada?
Ponemon: IBM is the most trusted company
and Bell Canada is the most trusted Canadian company.
- IBM
- Bell Canada
- Hewlett Packard
- Bank of Montreal
- VanCity
- Telus
- HBC
- Royal Bank of Canada
- Manulife
- Sears
Nymity: What surprised you when you saw the results?
Ponemon: I believe an important finding
related to the factors most important to privacy trust is
that there is a 9.5% increase in the category “sense of security
protections.” This change from our last study suggests that
respondents are feeling less confident about how organizations
are securing or safeguarding their personal information.
Nymity: What reaction do you expect from corporate
Canada when the results are made public?
Ponemon: I believe companies will be
interested in better understanding why consumers perceive
certain organizations and industries to be more trustworthy
than others. It is interesting that the industry sectors in
the top three have not changed since the last study. Computer
technology, financial services and telecom continue to earn
high ratings. While airlines and cable companies continue
to be rated at the bottom of our trust survey.
Nymity: What should a company do to get on the list,
or move up the list, for your next study?
Ponemon: Canadian consumers are making
it clear that they have an expectation that companies will
limit the collection, use and sharing of their personal information.
They want assurances that there are security protections in
place to protect their personal information and to make sure
that no one can steal their identity to gain access to their
personal assets. If the company can meet these expectations
and if it has a good reputation for the quality of its products
or services, there is a good chance it will increase its privacy
trust rating.
Nymity: How can our subscribers get more information
on this study?
Ponemon: For more information, please
contact our offices at 231-264-5178.
Nymity: In closing, please introduce the Ponemon Institute,
other surveys available, and the services offered.
Ponemon: The Ponemon Institute is
dedicated to independent research and education that advances
responsible information and privacy management practices in
business and government. Our mission is to conduct high quality,
independent research on critical issues affecting the implementation
of responsible information practices within business and government.
Ponemon Institute's services include industry-wide studies,
proprietary (commissioned) tracking studies, training as well
as consultancies on trends in privacy and data protection.
Ponemon Institute is best known for its work in measuring
trust in privacy and information security practices in a number
of industries including banking, retail, telecommunications,
airline and government. In 2005, we conducted our second annual
Most Trusted Companies for Privacy with TRUSTe. We also conduct
research on emerging issues affecting consumers and business.
These include: studies on consumers' responses to data breach
notification, the cost of a data breach notification to an
organization, permissions management and many others.
For more information, please contact research@ponemon.org
.
|
