Internet Privacy and Security

Published on July 2016 | Categories: Documents | Downloads: 55 | Comments: 0 | Views: 574
of 9
Download PDF   Embed   Report

Comments

Content

Internet Privacy and Security: An Examination of Online Retailer Disclosures Author(s): Anthony D. Miyazaki and Ana Fernandez Source: Journal of Public Policy & Marketing, Vol. 19, No. 1, Privacy and Ethical Issues in Database/Interactive Marketing and Public Policy (Spring, 2000), pp. 54-61 Published by: American Marketing Association Stable URL: http://www.jstor.org/stable/30000487 . Accessed: 23/04/2011 12:39
Your use of the JSTOR archive indicates your acceptance of JSTOR's Terms and Conditions of Use, available at . http://www.jstor.org/page/info/about/policies/terms.jsp. JSTOR's Terms and Conditions of Use provides, in part, that unless you have obtained prior permission, you may not download an entire issue of a journal or multiple copies of articles, and you may use content in the JSTOR archive only for your personal, non-commercial use. Please contact the publisher regarding any further use of this work. Publisher contact information may be obtained at . http://www.jstor.org/action/showPublisher?publisherCode=ama. . Each copy of any part of a JSTOR transmission must contain the same copyright notice that appears on the screen or printed page of such transmission. JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide range of content in a trusted digital archive. We use information technology and tools to increase productivity and facilitate new forms of scholarship. For more information about JSTOR, please contact [email protected].

American Marketing Association is collaborating with JSTOR to digitize, preserve and extend access to Journal of Public Policy & Marketing.

http://www.jstor.org

Internet Retailer

Privacy
Disclosures

and

Security:

An

Examination

of

Online

AnthonyD. Miyazaki and AnaFernandez
The Federal TradeCommissionhas declared the privacy and security of consumer information to be two major issues that stemfrom the rapid growth in e-commerce,particularlyin terms of consumer-relatedcommerceon the Internet.Althoughprior studies have assessed online retailer responses to privacy and security concerns with respect to retailers' disclosure of theirpractices, these studies have beenfairly general in their approaches and have not explored the potentialfor such disclosures to affect consumers. The authors examine online retailer disclosures of variousprivacy- and security-relatedpracticesfor 17 product categories. Theyalso compare the prevalence of disclosures to a subset of data from a consumer survey to evaluatepotential relationshipsbetween online retailer practices and consumerperceptions of risk and purchase intentionsacross product categories.

Consumers littleprivacy have on protection the Internet. June4, 1998 Trade Commission PressRelease, - Federal The Federal TradeCommission todaytolda HouseCommittee thatbusiness theInternet on couldexplode-from$2.6billionin conis 1996to $220billionin 2001--butif thetrend to continue, sumers that is mustfeel confident the Internet safefromfraud. - Federal June25, 1998 Trade Commission PressRelease,
The

diffusion of the Internetas a source of consumerentertainment,education, and marketplaceexchange.' The has growth of online retailing in particular been well documented, and estimates of annualrevenueshave reached$13 billion for 1998 (Holstein, Thomas, and Vogelstein 1998). For example, the NationalRetailFederation reportsthat26% of retailershad Internetsites in 1998, comparedwith only 8% in 1996 (Holstein, Thomas, and Vogelstein 1998; for similar figures, see Ernst & Young 1999). Consumerpatronageof such sites also continues to grow. According to America Online, currentlythe largest Internetservice provider,48% of its 14 million subscribershad purchasedgoods online as of December 1998 (Holstein,Thomas,andVogelstein 1998). In conjunctionwith this surge in e-commerce is a related increase in the amountof informationmarketerscollect and
modes information of includes various the exchange, IAlthough Internet communication suchas directed communication e-mail), (e.g., posted (e.g., real-time communication Internet Usenetgroups), RelayChat),and (e.g., our file transfer Protocol), focusis the use of systems(e.g., File Transfer Web theWorld WideWeb(e,g.,homepages, sites)as a mainoralternative information storefrontthat allows for interactiveconsumer-initiated and may (see exchange exchange Hoffman Novak1996).Thisinformation and regarding products physicalretail rangefrombasic communications and automated to outlets completely procedures. purchase shipment

of rapidescalation the past decadehas witnessed

store regardingnot only consumer characteristicsbut also actual shopping behavior. Because most features of online marketing transactionscan be recorded electronically for future use by marketers, the amount of data gathered by marketers is growing at constantly accelerating rates. Unfortunately,this burgeoning reservoir of information is accompanied by technologically enhanced versions of two previously studieddatabaseissues, namely, the privacy and security of accumulatedconsumer data. These issues are of interestto policymakerswith respect to both protectingconsumers' rights regardingthe privacy and security of their personal and financial informationand facilitating the continued growth of e-commerce and the benefits it brings to consumers and businesses (e.g., enhanced efficiencies of informationexchange and targetedcommunication). Because many retailerpracticeshave implicationsfor priissues, a key element of proposed vacy- and security-related in this area involves the online disclosure of such legislation practices. As discussed subsequently, these online disclosures may be helpful in preventing and/or reducing consumer concerns regarding Internet privacy and security. Although several prior academic and industrystudies have evaluated commercial Web sites for privacy- and securityrelateddisclosures,most have taken a general approachand have not examined how such disclosures may affect consumer behavior.We assess disclosures of online retailersat a more detailed level by delineating the various levels of retailer response to several privacy and security concerns. We then compare the prevalence of privacy- and securityrelated disclosures with a subset of risk perception and online purchase intention data from a consumer survey. Finally, we discuss implicationsfor online retailing.

D. is ANTHONY MIYAZAKI Assistant Professor of Marketing,and ANA FERNANDEZ a research assistant, School of Business is Administration, University of Miami. The authors gratefully acknowledge constructivecomments from the special issue editor and the anonymousJPP&M reviewers.

of Privacyand Security Consumer Information
A major ethical issue in the collection and managementof consumer information is the privacy of that information (Bloom, Milne, and Adler 1994; Chdnko 1995; Foxman and Kilcoyne 1993; Jones 1991). Indeed, privacy is often
Vol. 19 (1) Spring 2000, 54-61

54

Journal of Public Policy & Marketing

Journalof PublicPolicy & Marketing
viewed, even from a legal perspective, as a distinct consumer right (Goodwin 1991). With respect to online shopping, recent research by Rohm and Milne (1998) demonstrates that a majority of Internet users-both those who have made online purchasesand those who have not-have several concerns regarding informationprivacy, including issues related to the acquisition and dissemination of consumer data. In conjunctionwith informationprivacy, security (particularly informationtheft and misuse) also has been labeled a key concern of e-commerceby variousgovernmentandconsumer organizations(e.g., Brinkley 1998; ConsumerReports Online 1998; CyberspaceLaw Institute1999; FederalTrade Commission 1998a; National ConsumersLeague 1999) as well as many articles in trade publicationsand the popular press (e.g., Briones 1998; CNN 1999; Folkers 1998; Judge 1998; Machrone 1998; Rothfeder 1997). These two issues are interrelated,because when the protection of consumer privacy is considered,the secure storageand transmissionof consumer informationcontainedin organizational databases also are viewed as the responsibilitiesof participant organizations (FederalTradeCommission 1998a;Jones 1991). From a public policy perspective,consumersare assumed to have certain rights to privacy and security of their information when conducting online transactions. Publicity severalcalls for legislation regardingthese issues has sparked (see Bloom, Milne, and Adler 1994;Milne 1997) thatvaryas to their requirements changes in practicesversus simple for disclosureof practices.Presumably, changesin online retailer practicesthatare deemedconsumerfriendlywill buildonline shoppers' confidence with respectto their futurepurchasing activities. Conversely, increasing media coverage of these issues may decreaseconsumerconfidenceby highlightingthe risks involved in online shopping and thus deter full consumer adoptionof e-commerce(Judge 1998). Therefore,the role of policymakersis twofold: to facilitatethe adoptionof online shopping with its proposed market efficiencies and simultaneouslyto protectand informconsumersby making risks of Internetcommerce known to all potentialand active From a marketingperspective,the disclosureof participants. online retailerpracticesmay serve both to informconsumers about risks of online practicesand to reduce consumer risk perceptionsand increasepurchasebehavior.

55

E-PrivacyAct (S. 2067) and the SecurePublic NetworksAct (S. 909), both of which deal with encryptionrightsand standardsregardingdomestic and international e-commerce. In general, policymakers are tending toward regulations that make online retailers responsible for disclosing consumer informationacquisition, usage, and protectionpractices. In fact, disclosure of online informationprivacypractices has been the subject of several recent Federal Trade Commission (FTC) investigations, including one in March 1998 whereinmore than 90% of examined Web sites (more than 1400 in total) collected some type of personalinformation from visitors to theirpages. In contrast,only 14%of the 674 commercial Web sites examined provided any type of notification regardinginformationcollection practices, and only 2% provided comprehensive privacy policies (FTC 1998d; see also FTC 1999). A more recent examinationby Culnan (1999a) finds that 65.9% of the 361 ".com" Web sites examined provided at least one type of privacy disclosure (see Culnan 1999b).

OnlineRetailerResponsesto PrivacyConcerns
Considering the privacy and security issues raised by governmentandconsumergroups,we now outline threekey privacy concerns and three online retailermethods of dealing with perceivedsecurityproblems(Table I presentsthe various types of online retailerresponsesto privacy and security issues). We then discuss how the disclosure of such information may relateto consumerperceptionsand intentions.

Online CustomerIdentification
Of concernto policymakersis whetherandto whatdegree an online retailercollects personal informationfrom Web site customers (see Culnan 1995, 1999a). Although several of the aforementionedlegislative efforts advocate full disclosure of informationacquisitionactivities, most information provided to online businesses is done knowingly by consumers.Thereexists, however, the ability for online retailers to identifyandgatherinformation repeatvisitorsto a Web on site by placing coded information (called "cookies") on computer users' hard drives without their knowledge (Samuel and Scher 1999). This informationmay be combined with previouslyprovidedpersonalinformation track to patterns of Web site exploration and information search behavior.2The concealed natureof this information acquisition highlightsthe importancefor online retailersto disclose theiruse of cookies or similartechnologies so thatcustomers will know to what degree they will be identified when they return to a particularWeb site. Surprisingly, none of the aforementionedlegislation specifically addressesthis issue. Online retailersmay offer various levels of responses to customer identification issues. The most extreme position
Internet usersmayadjust theirWebbrowsers reject or to all 2Although certain thembefore cookieis placed their a on typesof cookiesorto warn hard consumers knowledge thisfunction. lack of drive,many Furthermore, several onlineproduct ordering the systemsrequire useof cookiesto track selectedproducts thatthe purchase so can out. process be carried The use of cookiescan enablean Internet to browseto a particular and user site be with information automatically presented uniquely preferred that by choice(i.e., selectedstockquotes newstopor user,whether conscious by of and ics) or by wayof marketer analysis onlinesearch purchase patterns or that to (i.e., onlinecatalog offerings banner advertising correspond predetermined interests). user

Online Disclosureof Privacy-and Security-RelatedPractices
Appropriateonline retailer practices regardingthe privacy and security of consumer informationare the topic of much recently proposedor enactedlegislativemeasures.For example, proposed regulation, such as the Consumer Internet Privacy Protection Act of 1999 (H.R. 313), the Online Privacy Protection Act of 1999 (S. 809), and the Inbox Privacy Act of 1999 (S. 759), all examine at least one aspect of online acquisitionanddisclosureof consumerinformation. The recently enacted Children's Online Privacy Protection Act of 1998 (16 C.F.R. Part 312), which applies to children younger than 13 years of age, is even more restrictivein the disclosure and consumer contact requirementsthat may be imposed on certaintypes of Web sites. Similarlegislationhas been proposed regardingInternetsecurity issues such as the

56 Table 1.

Internet Privacy and Security to OnlineRetailerResponses Privacyand SecurityIssues the least favorable is the lack of any communicationto the Internet user regarding the online customer identification practices of the particular retailer (Brinkley 1998; FTC 1998b).

PrivacyIssuesa use identification Onlinecustomer (including of cookies) this No policystatement regarding issue whencustomer ontosite customer Identifies logs whencustomer ontosite unlesscuscustomer Identifies logs tomer optsout suchidentificaIdentifies customer requests only if customer tion(e.g.,"Remember name/password") whencustomer ontosite customer Does notidentify logs customer contacts Unsolicited this No policystatement regarding issue contacts customer to Uses information makeunsolicited unless contacts customer to Uses information makeunsolicited customer out opts contacts customer to Uses information makeunsolicited onlyif by requested customer without Uses information forinternal contacting purposes only customer Does notcollectanyinformation to information third of Distribution customer parties this No policystatement regarding issue with Shares information othercompanies with information othercompanies shares (cautiously) Carefully unlesscustomer with information othercompanies Shares opts out with information othercompanies shares (cautiously) Carefully unlesscustomer out opts with information othercompanies if requested Shares by only customer with Does notshareinformation othercompanies Does notcollectanyinformation SecurityIssues Securetransactions Onlinecreditcardsecurity guarantees Alternative options payment
to fromleastfavorable issuesareordered for aRetailer responses privacy

Customer Contacts Unsolicited
The practice of collecting consumer information for one purposeand then using that informationto make unsolicited contacts has long been a privacy issue (see Goodwin 1991; Milne 1997). With respect to the Internet,the majority of legislative efforts addressunsolicitedcustomercontacts as a common concern for consumers and thus one of two key issues for regulation. As with online customer identification, responsesto the unsolicitedcontactconcerns vary as to the level of privacyprotectionthey offer. At the most favorable level (from a privacy perspective), online retailers would not collect any information from consumers, thus prohibitingthe retailersfrom making unsolicitedcontacts. A similar situation would involve the collection of personally identifying information combined with the presence of a policy thatthe informationwould not be used for contacting customers. Opt-in and opt-out policies represent the next two levels of response; the latter is the most common response in current direct marketing activities (see Milne 1997).3

Distribution Customer Information
issue is the degreeto which customer The otherkey regulatory will information be shared(i.e., rentedor sold) to thirdparties interestsin such data.Though an thathave marketing-related issue in much privacyresearch(e.g., Culnan 1995; important Goodwin 1991; Milne 1997), this concern has just begun to in receive interestwith respectto online shopping,particularly legislativeefforts.Possible online light of the aforementioned retailer responses to informationdistributionconcerns are similarto those listed previouslyfor customercontacts (i.e., not collecting informationand opt-in and opt-out choices). disclosurethatdiffersfromthe cusOne aspectof information tomercontactissue is thatcompaniesmay provideassurance thatthey will shareinformation selectively, that is, with other that will (1) make offerings to the consumerthat will parties be of interestto the consumerand/or(2) use responsiblythe that information is shared.These levels of responsewouldpresumably be favored by consumersover more general stateIn ments of sharinginformation. supportof this, Milne (1997) of finds thatconsumersare more willing to allow the transfer when responsecards state thatpersonal information personal businesses that informationwill be providedto "mail-order have productsor services that we think will be of interestto you" ratherthan when responsecards state that the informabusinesses. tion will be providedmerelyto mail-order

from most favorable a consumer privacy perspective.

(perhaps preferredby strict privacy advocates) is never to identify customers when they access a site. Alternatively,a consumer opt-in choice would allow such identificationto occur only if the customerexplicitly requestssuch a practice (e.g., checking a box thatasks the online retailerto "remember my name and password").Negative option, or opt-out, choices, which have been suggested by several legislative efforts and are often practiced in mail-order marketing (Milne 1997), enable consumersto prohibitautomaticidentification by either checking an opt-out box during initial registrationor separatelycontacting the online retailerand requestingthat such identificationdoes not occur. An even less desirable level of response from a consumer privacy perspective would be constant identificationof consumers as they access the Web site, without an opt-out alternative. Finally, the response most likely seen by policymakers as

OnlineRetailerResponsesto SecurityConcerns
A key securityconcern involved in online shopping pertains to unauthorizedthird-partyaccess of consumers' personal
consumers havecertain rightsto opt out of a customer may 3Although of of contact regardless thedisclosure sucha policy,we focuson procedure of have been shownto be unaware becausemanyconsumers disclosure issuesandparticularly to withrespect database opt-out theirrights privacy and (see procedures Rohm Milne1998).

Journalof PublicPolicy& Marketing
and financial information. Consumer concerns regarding this issue are highlighted because of publicized security breaches of online retailer database information, such as Hallmark's discovery that consumers' personal electronic greeting card messages (on what was likely thoughtof as a secure site) were actually available to anyone using the site's searchengine (CNN 1999). Given thatthe presenceof online security concerns may curtailpurchasebehavior,the alleviation of these concerns would seem to be a key focus of online retailers. We now discuss three potential online communication practices presumably designed to reduce consumers' security concerns.

57

as the percentageof offline purchasetransactionsincreases. Thus, althoughthis practicemay reduce consumerconcern, it may also reduceactual online purchasing.

Privacy and Security Disclosures and Consumer Behavior
Although efforts to implementmandatorydisclosure of the previous issues and practices are based on a consumer privacy perspective, the disclosure of privacy and security informationmay also be useful from a marketingstrategy perspective. Specifically, if concerns about privacy and security issues tend to raise risk perceptionsand lower purchase likelihoods, higher levels of privacy- and securityrelateddisclosuremay be useful in stemmingsuch concerns. This, in turn,would be expected to result in lower consumer risk perceptionsand higher purchaselikelihoods. Thus, it is expected that the percentageof Web sites with (1) privacyrelated statementsand (2) security-relatedstatementsfor a particularshopping category will be negatively related to consumerrisk perceptionsregardingonline shopping in that categoryand would be positively relatedto consumeronline purchaseintentionsin that category.

Secure Transactions
The protection of the online transaction of information (whether personalor financial) is a technological issue. Yet Internet security advocates suggest that retailers provide consumers with informationregardingthe safeguardingof transactions,either with clearly labeled "secure servers"or prominent links to security policies (Consumer Reports Online 1998; FTC 1998a). Thus, in addition to the actual provision of secure transaction technology (e.g., secure servers, secure sockets layer encryption), online retailers have been counseled to assuage the concerns of consumers by communicatingthe security of their online information systems.

Method and Results
Examination of Web Sites
based in the United Web sites for 381 commercialenterprises States and targetingU.S. consumerswere visited in the first two months of 1999 and were examined with respect to the privacyand securityissues raisedpreviously.The Web sites were randomlysampledfrom threepopularshoppingportals (excite.com, yahoo.com, and netscape.com), and each site was placed into one of 17 shoppingcategoriesthatappeared to be the main emphasis of each site's sales efforts at that time. The 17 categories were fairly common across the portal sites and representa broadarrayof goods. (A list of specific Web sites is availableupon requestfrom the authors.) Trained researchersaccessed each Web page; searched for any information pertaining to privacy and security issues; and printedthe pages on which this informationwas found, pages with links to such information,and the site home page (i.e., initial starting page). Each Web site was then coded (see Table 1) by the authorswith respect to its informationregarding(1) customeridentification(including the use of cookies), (2) customer contact, and (3) information sharing. The sites were also coded according to the presence or absence of written informationregarding (I) secure transactionsystems, (2) credit card fraudguarantees, and (3) alternativeorderingmethods.4Initial coding agreement was high (93% across all variables), and disagreements were resolved by discussion. Although the general approachused here is comparableto that reportedby one of the FTC's (1998d) recent studies on e-commerce, the current research reports not only the presence of information privacyand/orsecuritydisclosure but also the type and level of disclosure.
(e.g., seals of approval such as VeriSign, endorsements 4Third-party nor in and were TRUSTe, CPAWebTrust) notexamined thisstudy, wasthe or activation securelink icons (i.e., a lockedpadlock unbroken of key), whichappear popular browsers. Web on

Online Credit Card Security Guarantees
To diminish consumer security concerns (see National ConsumersLeague 1999) even further,some online retailers have implementedconsumer guaranteesagainst credit card fraudthatmay occur as a resultof online divulgence of credit card information(e.g., Amazon.com's safe shopping guarantee or Wal-mart'sonline security guarantee).These guarantees, which sometimes reference the Fair Credit Billing Act (15 U.S.C. 1601-67), typicallypledge reimbursement of unauthorized chargesmadeto a creditcardif such charges resultedfrom purchasingthroughthe online retailer'ssecure system. Because the maximum retailer liability for such a guarantee would typically be $50 and because cases of online credit card fraudfrom security breachesare reported as very infrequent,this retailpracticewould likely serve as a reasonablemethod of allaying consumerconcerns.

Alternative Payment Options
A key consumerconcern of online shopping is the interception of creditcard information(NationalConsumersLeague 1999). A viable retailerresponse would be the provision of alternative payment (or ordering) options that enable the online customer to shift certain components of the transaction to the Internet(e.g., informationacquisition, ordering) while still conducting more vulnerable components (e.g., actual payment) offline. Several online retailers offer consumers the opportunity to complete and submit orders through the Internet,combined with telephone or facsimile Some Web sites also transmissionof creditcardinformation. suggest mailing, faxing, telephoning, or e-mailing both the order and the payment if the consumer has concerns over a Offeringalternativepayment complete Web site transaction. methods is not seen as an ideal retailerresponse,because the efficiencies of Internetorderingand paymentare sacrificed

58 Table2.

Internet Privacy and Security Web Sitesa on Statements Commercial Incidenceof Privacy-and Security-Related Statements Privacy-Related InforCustomer Identifi- Unsolicited mation Contact Sharing cation 42.9 42.9 33.3 44.8 44.8 34.5 38.5 61.5 61.5 19.4 36.1 16.7 64.3 71.4 64.3 58.3 58.3 58.3 55.6 55.6 33.3 46.2 46.2 23.1 40.0 20.0 20.0 28.0 28.0 16.0 11.1 14.8 7.4 25.5 29.4 17.6 8.6 20.0 17.1 17.6 23.5 17.6 5.9 5.9 0.0 17.1 20.0 8.6 75.0 75.0 41.7 29.4 33.6 23.1 Consumer Statements Perceptions Security-Related Purchase Alternative Secure LikeliTransSecurity Orderhood action Guarantee Any Risk ing 3.73 61.9 76.2 2.43 19.0 71.4 2.27 62.1 3.95 41.4 10.3 55.2 2.58 92.3 4.10 7.7 53.8 92.3 1.40 52.8 61.1 3.86 5.6 47.2 2.18 57.1 3.54 28.6 7.1 42.9 2.35 33.3 50.0 4.46 16.7 50.0 2.77 77.8 3.47 66.7 0.0 77.8 1.78 76.9 3.95 61.5 7.7 61.5 1.43 40.0 40.0 3.53 0.0 26.7 1.92 84.0 3.93 72.0 4.0 56.0 1.80 59.3 3.69 51.9 3.7 37.0 3.64 49.0 78.4 3.19 3.9 60.8 2.21 , 45.7 3.25 31.4 5.7 28.6 1.28 70.6 3.35 41.2 0.0 52.9 1.19 52.9 4.10 52.9 0.0 11.8 2.16 60.0 3.58 40.0 2.9 45.7 2.55 83.3 3.57 33.3 8.3 83.3 65.6 47.5 5.8 50.7

ShoppingCategory (SampleSize) Books(21) (29) Clothing hardware (13) Computer care Cosmetics/skin (36) stores(14) Department Electronics (12) and Flowers gifts (9) Foodandgroceries (13) Haircare(15) foods(25) Health Homedecor(27) Music(51) Officesupplies (35) Pet supplies (17) (17) Rugsandcarpets goods(35) Sporting Toys andgames(12) Overall (381)

Any 61.9 48.3 69.2 38.9 71.4 75.0 55.6 46.2 46.7 32.0 22.2 45.1 25.7 23.5 5.9 28.6 83.3 41.5

that (statement, a policy, of are information percentages siteswithin particular and category gavesometypeof notification for aAllnumbers privacy security issuein question. or the to andso forth) consumers regarding privacy security

means the numbers likelihood survey. and bRisk purchase aggregated from consumer represent

DescriptiveResults
The general results show that the disclosure of online privacy practiceshas risen since the March 1998 FTC (1998e) survey and is comparableto the March 1999 survey (Culnan 1999a). Although the 1998 FTC study indicatesthat 14%of commercial Web sites made mention of practicesrelatedto consumerinformationprivacyand Culnan(1999a) reportsa 65.9% disclosure rate in March 1999, our data 1999) show overall disclosure (i.e., the (January/February of any type of privacy statement) to be 41.5%. presence (Note that direct comparisons across these studies are not feasible because of differences in the samples used.) We presentthe results from the study in Table 2. For individual types of privacy concerns, disclosure of practicesrelatedto unsolicitedcustomercontact constituted 33.6% (n = 128) of the currentsample. Regardingthe various levels of privacy protection, 19 (5.0%) promised no unsolicitedcontacts, 38 (10.0%)contactedonly if requested, 60 (15.7%) provided an opt-out alternative,and 11 (2.9%) stated that contacts would occur but did not give an opt-out alternative.The remaining 253 (66.4%) sites provided no informationregardingunsolicitedconsumercontacts.5
88 Web the 50Of 381 commercial sitesin thesample, didnotallowa full card-to be madeover by transaction-including payment credit purchase communiof theInternet. nonpayment However, many thesitesstillallowed such joiningmailing cationof personal information, as askingquestions, with and ordering preshipment, lists,stating preferences, evenonline product and thesesitesstillcollectpersonal Because or postshipment, CODbilling. that contend advocates consumer information, privacy somefinancial many shouldstill discloseprivacyand securitypractices. the online retailers and the in we privacy security Nevertheless, present thisfootnote aggregate card credit transactions. foronlythoseWebsitesthatallowed figures

The sharingof informationwith othercompanies was disclosed by only 112 (29.4%) of the examinedonline retailers. With respect to privacy protection levels, 65 sites (17.1%) reported no sharing of consumer information; 2 (.5%) shared informationonly if requested by the customer (an opt-in procedure); 19 (5.0%) carefully shared information but provided an opt-out alternative, whereas 16 (4.2%) merely provided the opt-out alternative;3 (.8%) agreed to share carefully but had no opt-out procedure;and 7 (1.8%) merely sharedinformationwithout furthernotification.The remaining269 sites (70.6%) had no such privacy statement. Online customeridentificationprocedureshad the lowest disclosure rates: Only 88 sites (23.1%) offered this type of statement.Nineteen sites (5.0%) explicitly stated that they never identified customers who access the site, 12 (3.1%) provided an opt-in alternative, 18 (4.7%) provided an optout alternative,and 39 (10.2%) stated that they identified customers but did not provide any opt-out alternatives. With respect to methods of responding to security concerns, 250 sites (65.6%) disclosed at least one of the three practicesdescribedpreviously.Specifically, security-related 193 (50.7%) indicated that transactions were secure, but
I

had 146 card credit transactions, (49.8%) some Of the293 sitesallowing for Disclosure statement. typesof prifigures theindividual typeof privacy customer contacts,102 were 118 (40.3%)for unsolicited vacy concerns and information distribution, 82 (28%)for online (34.8%)for customer statements,230 customer identification.Regardingsecurity-related communicated 192 statement, (65.5%) had (78.5%) sometypeof security of the presence securetransaction systems,22 (7.5%)hadonlinesecurity and 161 (54.9%)explicitly disclosedalternative payment guarantees, methods.

of Journal Public Policy& Marketing
that Finally,181 sites only 22 (5.8%)guaranteed security.
(47.5%) explicitly offered alternativepurchasingmethods. The disclosure rates variedconsiderablyacross shopping categories. As can be seen in Table 2, Web site categories such as departmentstores and toys and games had higher percentages of privacy statements,whereas lower percentages were found in categories such as home decor and rugs and carpets.

59

Web sites delves furtherinto Internetprivacy and security issues by examining the degree of favorablenessof actual online retailerpractices from a privacy policy perspective. In addition,by integratingdata from a consumersurvey, we show thata positive relationshipexists between the percentstatementson Web sites age of privacy-and security-related for particularonline shopping categories and consumers' online purchaselikelihoods for those categories.8

BetweenE-RetailerResponses The Relationship and ConsumerPerceptions
To examine whetherthe prevalenceof privacy and security disclosures relates to consumer perceptions,we compared the Web site examinationdetailed previously with a subset of data from a March 1999 investigation of 160 Internet users.6The data are from a pencil-and-paper survey used to explore consumers' Internetusage activities and their perceptions regardingonline shopping.Among other items not examined here, the questionnaireincluded purchase likelihood and risk perception measures for 17 categories of goods sold online at the time of the study; these categories matched those used for the Web site examination.Purchase likelihood for each category was measured with a sevenpoint response item that asked how likely respondentswere to make Internetpurchasesfor each shopping category and was anchoredwith "veryunlikely"(1) and "verylikely" (7). Risk perception was assessed by asking how risky online purchasesare in each categoryon a scale anchoredwith "not risky"(1) and "risky"(7). To assess the expected relationships,the percentagesof privacy- and security-relatedstatementsfrom the Web site examination(Columns 5 and 9 of Table 2) were compared with the risk perceptionsand purchaselikelihoods from the consumer survey at -the shopping category level. Spearman'srank correlationswere calculated for each pair of variables. Although the prevalence of privacy and security statements was expected to be negatively correlated with risk perceptions,analyses showed no relationshipfor either privacy (rs = -.06, n.s.) or security (rs = -.01, n.s.). However, the percentageof privacy statementsin a category was positively related (as expected) to category-level online purchase likelihoods (rs = .65, p < .01). Likewise, the percentage of security statements in a category was positively related to online purchaselikelihoods (rs = .44, p < .05).7

Limitationsand FutureResearchDirections
Although the examination presented here is helpful for disclosure practices of online retailers, sevunderstanding eral limitations should be addressed in further research. First, the rapid growth of the Internetand online shopping practicesmakes publishedresearchsuch as this datedby the time of publication.The examination of online disclosure practices should be an ongoing researcheffort, particularly with respectto how such practicesmay affect consumerperceptions. A second limitation involves the measure of perceived risk used in the consumer survey. More-specific measuresof perceived risk would aid in understanding how consumers perceive the various dimensions of risk with respect to online shopping. For example, various risk dimensions may be more salient depending on the product category that is being considered for online purchase. Finally, instead of examining only perceived risk toward generalonline shopping,specific assessmentsof risk regarding privacy, online retailerfraud,and the security of online transaction systems would be helpful for understanding those aspects that may be influencedby online disclosures. There are several directions that future policy-related marketingresearchcan take to advanceknowledge that will be beneficial to both consumersand businesses. For example, much of the proposed legislation is targeted toward mandatorydisclosures of online retailers' collection, use, and disseminationof consumer data. These disclosures are often seen by policymakersas necessary informationtools so that consumerscan operate with more complete knowledge of retailerpractices(Andrews 1998). The same disclosures may be seen by retailersas an opportunityto reduce consumer concerns regardingprivacy issues. An approach suggested by Milne and Boza (1999) uses concepts from relationshipmarketingto focus online retailerresponses to privacy and security issues so that these responses emphasize the development and improvementof trust between marketersand consumers.Thus, insteadof focusing on concerns, the focus shifts to trust, which Milne and Boza describe as a distinct approachto managing potential privacy issues regardingdatabasemanagement(cf. Milne and Gordon 1993). Because the methodor formatof information disclosures can affect consumer perceptions and behavior (e.g., Sprott, Hardesty, and Miyazaki 1998), research that examines how such approachescan satisfy new legislative requirementswould be helpful. Consumers would receive
the of and disclosures 8Although prevalence privacy- security-related was not foundto be related category-level perceptions, may to risk this havebeenan artifact the diversity the dimensions riskthateach of in of that risk product category mayinvoke.Considering ourone-item perceptionmeasure generic, suchvariance thedimension riskconwas in of any sidered consumers whenresponding eachcategory to couldhavehinby deredthe findings.

Discussion
In addition to providing a comparison point with FTCrelated research, the present examination of commercial

were in solicited a major international of 6Respondents randomly airport a largeU.S.city(theeffective rate See and response was84.7%). Miyazaki Fernandez characteristics. (2000)forsurvey details, including sample 7Insupport ourprevious of that methods suggestion alternative ordering onlineordering theothersecurity as maynotbe as effectivein increasing information the rank between alternadisclosures, Spearman's correlation tive ordering methods purchase and likelihoods nonsignificant = was (rs the between ratethateither theother the of .06), whereas correlation secuand likelihoods significant = .65, was ritystatements appeared purchase (r, p <.01).

60

Internet Privacy and Security
Chonko, Lawrence B. (1995), Ethical Decision Making in

the disclosures required by policymakers, and marketers would enjoy the benefits of increasedeffectiveness from a managerialperspective. Although several legislative efforts appearto be directed at e-commerce, policymakers should continue to evaluate not only online practiceand consumer perceptionsbut also expert opinion regardingthe seriousness of threatssuch as undisclosed customer identification and tracking-two issues that have received little attentionin pending legislation. In addition, privacy and security concerns may have differential effects on consumer perceptions and behavior, perhapscomplicating policymakers' efforts to inform consumers of unsafe online practices while still avoiding unnecessary deceleration of Internet adoption rates. As such, the barrageof privacy and securitywarningsissued to consumers may have mixed effects on consumer confidence, particularlyas the Internetbecomes perceived as a necessary element of modern life. An additionalconcernis the directionin which legislation is headed. Petty (1998) contends that though there will be continued efforts to reduce deceptive practices, the emerging focus will be on reducing unfairness,particularlyas it applies to the targeting of potentially vulnerable audiences-a practicethat will be increasinglyeasy to facilitate databaseinformationgrows. as Internet-related As the popularityof the Internetcontinuesto rise, the privacy and security issues discussed here will inevitably change. Future alternatives to credit cards, such as electronic money or "e-cash"(Rothfeder 1997), are unlikely to relieve consumer concerns regardingprivacy and security. Similarly, online credit card guarantees, though calming some system security worries, may do little to resolve privacy concerns. Conversely, third-partyendorsers, such as TRUSTe, Better Business Bureau Online, or Web Assurance Bureau,may be useful in building trust between consumers and participatingonline retailerswith respect to privacy but may not resolve security issues. The introduction of security-relatedseals of approval,however, such as VeriSign and CPA WebTrust,may resolve this concern. In summary,the solution to many of these matters,from both privacy and security perspectives, will likely derive from a combination of strategic actions, such as guarantees or endorsements,and the incorporationof various theoretical approaches,such as building trust and adheringto implied social contracts.

Thousand Oaks,CA:SagePublications. Marketing. Online Glitch Makes CNN (1999), "A Hallmark Nightmare: Intimate 12), (February MessagesPublic,"CNN Interactive, at 12), (accessedFebruary [available http://cnn.com/US/9902/ 12/romeos.revealed.ap].
Consumer Reports Online (1998), "Some Bits and Bytes of

Sites,"specialreport,(accessedFebruary Consumer-Friendly 18), [available at http://www.consumersunion.org/Speciall Samples/Reports/9812shp2.htm]. Awareness NameRemoval of J. Culnan, Mary (1995),"Consumer Journalof for Direct Marketing," Procedures: Implications
Direct Marketing,9 (Spring), 10-19.

-

InternetPrivacyPolicy Survey: (1999a), "Georgetown to the FederalTradeCommission," (June),(accessed Report July 27), [availableat http://www.msb.edu/faculty/culnanm/ gippshome.html]. to and (1999b),"Privacy the Top 100 Web Sites:Report for Trade theFederal Commission," Privacy prepared theOnline Alliance, (June), (accessed November 22), [available at http://www.privacyalliance.org/resources/100_summary.shtml]. of Law (1999),"ThePublicPolicyProblems Cyberspace Institute at the Internet," 28), (accessedJanuary [available http://www. cli.org/selford/problems.htm]. Ernst & Young (1999), "Second Annual InternetShopping at (accessed August2), [available http://www.ey.com/ Survey," industry/consumer/internetshopping]. TradeCommission Federal (1998a),"Consumer Privacyon the World Wide Web," preparedstatement presentedto the Tradeand Consumer on Subcommittee Telecommunications, U.S. House on of Protection the HouseCommittee Commerce, DC of Representatives, Washington, (July21).
(1998b), "Cybersmarts: Tips for ProtectingYourselfWhen

29), Online," January [available (July1998),(accessed Shopping at http://www.ftc.gov/bcp/conline/pubs/online/cybrsmrt.htm]. (1998c), "FraudCould Slow Growth of Electronic FTC Commerce," PressRelease(June25), FTCFile No. P97Commission. Trade DC: 4406.Washington, Federal Online (1998d),"FTCReleasesReporton Consumers' FTCPressRelease(June4), FTCFile No. 954-4807. Privacy," Commission. Trade DC: Washington, Federal to statement Internet presented (1998e), prepared Privacy, of on the Subcommittee Courtsand Intellectual Property the House Committee on the Judiciary, U.S. House of DC 26). Washington, (March Representatives,
(1999), FTC International Web Survey: Disclosure of General Business and Contract-RelatedInformationby Online

References
and Special Andrews,J. Craig(1998), "Warnings Disclosures:
Editor's Note," Journal of Public Policy & Marketing, 17

(Spring),1-2. Bloom, Paul N., GeorgeR. Milne, and RobertAdler (1994), of Misuse New Information Legaland Technologies: "Avoiding 58 Journalof Marketing, (January), SocietalConsiderations," 98-110. Brinkley,Joel (1998), "F.T.C.Surfsthe Web and GearsUp to New 21), Times, Demand Protection," York (September Privacy 1,4. Innovations-and G. Privacy Briones,Maricris (1998), "Internet News, Issues-Remain Marketing's Marketing BiggestStory," 7), (December 1, 16.

Retailers, presented at U.S. Perspectives on Consumer in Protection the GlobalElectronic publicworkMarketplace shop, (June 8-9), (accessed November 22), [availableat http://www.ftc.gov/bcp/icpw/index.htm]. the Why the U.S. (1998), "Jimmying Internet: Folkers,Richard U.S. Is Standard VeryVulnerable," News& World Encryption 14), (September 45-46. Report, Foxman, Ellen R. and Paula Kilcoyne (1993), "Information Ethical and Practice, Consumer Privacy: Marketing Technology,
Issues," Journal of Public Policy & Marketing, 12 (Spring),

106-19.

of Recognition a Consumer Goodwin,Cathy(1991), "Privacy:
Right," Journal of Public Policy & Marketing, 19 (Spring),

149-66.

Journalof PublicPolicy& Marketing
Hoffman,DonnaL. and ThomasP. Novak(1996), "Marketing in Hypermedia Computer-Mediated Environments: 60 Journalof Marketing, (July), Foundations," Conceptual
50-68.

61

William Susan and Holstein, J., Thomas, FredVogelstein Gregory (December 42-45. 7), A Jones,MaryGardiner (1991),"Privacy: Significant Marketing 133-48. (Spring), Judge,Paul C. (1998), "HowSafe Is the Net?"BusinessWeek, (June22), 148-52. Bill Me?" Magazine, PC Machrone, (1998),"Trust 9), (June 85. in Milne, GeorgeR. (1997), "Consumer Participation Mailing 16 Marketing, (Fall),298-309. in and Maria-Eugenia (1999),"Trust Concern Boza and of Marketing Information Consumers' Management Perceptions
Practices,"Journal of InteractiveMarketing, 13 (1), 5-24. Lists: A Field Experiment," Journal of Public Policy & Issue for the 1990s," Journal of Public Policy & Marketing,10 (1998), "Click 'Til You Drop," U.S. News & World Report,

(2000), "Consumer Miyazaki,AnthonyD. and Ana Fernandez of RisksforOnline and Shopping," Perceptions Privacy Security of University Miami. Department, working paper, Marketing in NationalConsumersLeague (1999), "Consumers the 21st Century,"(May 19), (accessed August 2), [available at I.PDF]. http://www.natlconsumersleague.org/FNLSUM and Marketing the Law:The Petty,Ross D. (1998), "Interactive
FutureRise of Unfairness," Journalof InteractiveMarketing,12

21-31. (Summer), J. George Milne R. Andrew and Rohm, (1998),"Emerging Marketing of in and andPolicy Issues Electronic Commerce: Attitudes Beliefs Alex Simonson, N. CraigSmith,eds. and 8, Alan Andreasen, American 73-79. Association, Chicago: Marketing Rothfeder, Jeffrey(1997),"No Privacyon the Net,"PC World, 223-29. (February), Alexandra AbbyScher(1999),"Cookies Not So and Are Samuel, Sweet-Online Database Marketing,"Dollars & Sense, 7. (January/February), D. DavidE., DavidM. Hardesty, Anthony Miyazaki and Sprott, of An (1998), "Disclosure Odds Information: Experimental of Investigation Odds Formatand NumericComplexity,"
Journal of Public Policy & Marketing,17 (Spring), 11-23. Internet and Users,"in Marketing PublicPolicy Proceedings,Vol.

-

and MaryEllen Gordon(1993), "DirectMail PrivacyEfficiency Trade-OffsWithin an Implied Social Contract
Journal of Public Policy & Marketing, 12 (Fall), Framework,"

206-13.

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close