Do people really read privacy notices on the Internet? Given all the importance that privacy laws, regulators, advocates and the press place on privacy notices, the question is a fair one. Two recent polls assessed consumer attitudes toward privacy notices on Internet sites.
One poll was designed by Mary Culnan, a professor of management at Bentley College in Massachusetts, and George Milne, an associate professor of marketing at the University of Massachusetts. Culnan is well known in privacy circles and is respected by all sides. The poll results are available at http://intra.som.u-mass.edu/georgemilne/research.htm.
The other poll was conducted by the Privacy Leadership Initiative, and the results can be found at www.understandingprivacy.org. The two polls are roughly comparable, so I will stick to the numbers from the Culnan-Milne poll just because they are more readily at hand.
The poll shows that many people are concerned about privacy. Only 17 percent say they never read online privacy notices. Another 33 percent rarely read them. That leaves exactly half the respondents, and they read notices sometimes (31 percent), frequently (13 percent) and always (5 percent).
People are much more likely to read a notice when asked for personal information (73 percent agree or strongly agree) or when using a credit card to buy something (78 percent). If the Web site belongs to a familiar company or one that is trusted, the privacy notice is less likely to be read. Privacy seals also seem to engender more trust.
The poll also shows that people take action based on their perceptions about privacy. The most striking number in the poll is the 64 percent of respondents who said they decided not to use a Web site or not to purchase something from a site because of uncertainty about how personal information would be used. That is a large number of customers lost because of absent, incomplete or untrustworthy privacy notices.
Another finding is that current notices could be better. People think that notices are too long (68 percent) and use confusing legal language (53 percent). People also doubt the veracity of privacy notices. Less than half agree that notices are truthful (35 percent) or accurately reflect how information will really be used (29 percent).
Here is a little free advice from me. Don’t let your lawyers write privacy notices. Notices produced by lawyers are usually incomprehensible and convey a sense that the consumer bears all the risks and the Web site has no responsibility. Maybe your copywriters should play a role in writing friendlier privacy notices.
I think privacy notices are important for another reason. If a company or Web site hasn’t prepared a notice, then it hasn’t thought through its policies for the use of personal information. A company without a policy may find uninstructed employees doing things with information that the company really didn’t intend.
I have a notice to offer as part of this column. Support for the Culnan-Milne poll came from a grant from a cy pres fund that was created by the lawsuit that arose several years ago over Metromail’s use of prisoners to process consumer information. I was an expert witness in the case, and I ended up serving on the committee that decided who would receive money from the fund. I had no other involvement with the poll.
The previous paragraph is a type of notice. It discloses a potential conflict. The disclaimer wasn’t very interesting, but it was something that I thought obliged to include. Just like privacy notices, sometimes people need to be told about something whether or not they care. Being honest and open can only serve to enhance credibility.