A longitudinal analysis of the privacy policies of the Fortune e-50 firms.

Etheridge, Harlan L. ; Hsu, Kathy H.Y.

ABSTRACT

We examine the online privacy policies of the Fortune e50 firms to determine the extent to which online firms are committed to protect online consumer privacy. In addition, to determine the extent that the "dot.com bust", increasing consumer awareness of online privacy issues, and government regulations related to consumer privacy have impacted the privacy policies of U.S. firms engaged in ebusiness, we re-examine the privacy policies of the Fortune e50 firms two and one-half years after our initial investigation.

Our results suggest that most e50 firms provide basic information about online consumer privacy and that the disclosure of such information seems to be increasing. However, certain important aspects of online consumer privacy are lacking in the privacy policies of the e50 firms, particularly those related to the ability of online consumers to control how their data is used, how data collected via email is used, and how the online privacy of children is ensured. Given the sensitive nature of much of this information and the rise in computer crimes, unless online firms increase the ability of consumers of direct how their personal information can be used, the Federal Government may introduce more legislation to further protect online consumer privacy by forcing online firms to offer consumers this option.

INTRODUCTION

Online privacy is an important issue in today's digital economy. Of the many challenges facing the Internet, privacy has risen above them all as the number one concern (and barrier) voiced by web users when going online. Privacy advocates and consumer groups caution online consumers that personal information may be collected by web sites and used in ways that may compromise their privacy. Numerous events involving violations of consumers' privacy also have served as a catalyst to increase interest in online privacy (Stellin 2000; Electronic Frontier Foundation 2001; Gill 2001; Guernsey 2001). The Federal Trade Commission has targeted traditional firms such as Microsoft, The Ohio Art Company, and Eli Lilly, online firms such as Toysmart.com, Worlwidemedicine.com, Focusmedical.com, ReverseAuction.com, and GeoCities, as well as other firms with consumer privacy violations. As a result of the publicity generated from these cases, attention directed toward online privacy has increased dramatically, and several online privacy groups have emerged, e.g., the Center for Democracy and Technology; the Online Privacy Alliance; the Personalization Consortium; and the Privacy Foundation; independent privacy policy verification programs that attest to the quality of online privacy policies and practices have been formed, e.g., TRUSTe; BBB Online; WebTrust; and eSure; and the federal government has become involved in the protection of consumer privacy through the implementation of various laws and regulations, e.g., Gramm-Leach-Bliley Act, and The Children's Online Privacy Protection Act.

A question that must be asked, however, is "Are online companies listening to the issues surrounding online consumer privacy and implementing and enforcing appropriate privacy policies?" One way to determine if online companies view online consumer privacy as an important issue is to examine their online privacy policies. A privacy notice is a written statement advising the public of the collection and use of personally identifiable information and security practices of a firm. A good privacy notice is easy to find, easy to read, and comprehensively explains all of the firm's online information practices. This notice provides online visitors an opportunity to make informed decisions about the collection and use of their information. In this study, we examine the online privacy policies of the Fortune e-50 firms, fifty firms that are representative of the Internet economy, to determine the extent to which online firms are committed to protect online consumer privacy.

Due to the significance of the on-line components of these companies, online privacy issues should be very important to the Fortune e-50 firms. Companies that want to be successful in conducting business on the Internet must be responsive in promoting the trust and confidence of on-line commerce. A privacy policy allows consumers to know that the business follows ethical practices in the treatment of their personally identifiable information, and helps increase consumer confidence in the Web as a safe place to shop.

The terms of a privacy notice are very important because they substantially determine an individual's understanding of how information will be used and what steps the individual may take to protect his or her privacy. A good privacy notice is tailored to the specific information practices of an organization and should not be merely copied from another source. When developing a privacy policy, it is necessary for a company to take an in depth look at what information their web site collects, how the information collected is being used, and its internal protocols and policies as they relate to information collection and use.

Although privacy issues relate to consumers, employees, suppliers, distributors, etc., our study focuses on consumer online privacy because individual consumers have little influence on the privacy policies and practices of the online firms with which they do business. Consequently, consumers must rely on online firms to develop, implement and maintain adequate policies and practices to protect their privacy online.

Currently, the government has relied on self-regulation by online firms to protect online consumer privacy. However, if online firms do not take steps to adequately safeguard online consumer privacy, then the government may intervene and pass additional legislation designed to protect online consumer privacy. In fact, the federal government already has determined a need to protect the privacy of consumers using financial institutions (the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act) and the online privacy of children under the age of 13 (The Children's Online Privacy Protection Act). Online firms should have incentives to adequately protect online consumer privacy because violations of government privacy legislation can result in:

1. Government fines: Violations can result in fines of up to $11,000 for each infraction. Infractions can range from not applying a customer preference for the use of their personally identifiable information throughout the enterprise to the accidental sharing of a single customer record.

2. Litigation costs: Firms that are defendants in lawsuits alleging unfair and deceptive practices relating to online consumer privacy face potentially huge litigation costs and legal fees.

3. Marketing sanctions: Firms found to be in violation of privacy regulations can be issued with cease-and-desist orders, which can paralyze their consumer marketing operations.

4. Brand damage: Negative publicity from consumer privacy violations could erode customer loyalty and shareholder confidence (Acxiom.com 2000b).

Although these government sanctions exist, they have been applied only in extreme cases. As a result, the government has relied primarily on self-regulation by online firms to protect online consumer privacy. However, if online firms do not take steps to adequately safeguard online consumer privacy, then the government may intervene and pass additional legislation designed to protect online consumer privacy. Our longitudinal examination of the privacy policies of the Fortune e50 firms should provide an indication of the level of and any shifts in the commitment of online firms to protect online consumer privacy.

ISSUES SURROUNDING ONLINE CONSUMER PRIVACY

Many issues are related to online consumer privacy, including the type of information that is collected, how that information is used, and if that information should be shared with others. The Online Privacy Alliance, an organization of online firms that is committed to the protection of online consumer privacy, has issued a document that outlines five issues that online firms must address to protect the online privacy of their users. Creating Consumer Confidence Online: Five Essential Elements to Online Privacy (Online Privacy Alliance 2000) asserts that the following five items are issues with which online firms must contend in order to adequately protect online consumer privacy:

1. the adoption and implementation of a privacy policy,

2. the notice and disclosure of significant privacy policies,

3. the choice and consent of online consumers as to how online consumer data is used,

4. the security of online consumer data, and

5. the quality and access of online consumer data

Our study investigates these five issues to determine the extent to which online firms are committed to protect online consumer privacy and the extent to which they have modified their online privacy policies to achieve this objective. Specifically, we examine the web sites of the Fortune e50 firms for the following items:

1. disclosure and listing of an online privacy policy,

2. disclosure of information regarding the independent certification of the online privacy policy, including what online privacy policy certification service is used,

3. disclosure of what consumer information is collected online (Please see Appendix A for a listing of the general types of consumer information that are gathered online.),

4. disclosure of how consumer information collected online is used (Please see Appendix B for a description of how online consumer information may be used.),

5. disclosure of whether consumer information collected online is shared, with other companies,

6. disclosure of whether consumers have a choice as to how their online data is used,

7. disclosure of information regarding the privacy policies of linked web sites,

8. disclosure of whether consumer information collected online is shared with affiliated companies,

9. disclosure of whether information collected via email is retained for use,

10. disclosure of whether "cookies" are used,

11. disclosure of information about the security of consumer information collected online,

12. disclosure of separate information regarding the online privacy of children,

13. disclosure of whether consumers can review, change or correct information gathered online,

14. disclosure of whether consumers can "opt out" of online or email programs,

15. disclosure of information about the revision of online policies, and

16. disclosure of contact information regarding online policies.

We think that these 16 items allow us to adequately assess how well the privacy policies of the Fortune e50 firms incorporate the five elements essential to online consumer privacy as delineated by the Online Privacy Alliance.

DATA

The data used in this study was gathered from the online privacy policies of the Fortune e50 firms in 2000 and 2003. The Fortune e50 firms are fifty firms that are representative of the Internet economy and, in this study, proxy for online firms in general. The Fortune e50 firms are selected from the following subsectors:

1. E-Company Firms,

2. Net Communications Companies,

3. Net Hardware Companies, and

4. Net Software and Services Companies.

Our initial sample of firms consists of 18 e-company firms, 12 net hardware companies, 15 net software and service companies, and 5 net communication companies. Privacy policy data on these firms was gathered in December 2000. See Table 1 for a list of firms in our initial sample.

In August 2003, we gathered the same privacy policy data for the Fortune e50 firms. Because the composition of the Fortune e50 is not static, our follow up sample of firms differs from our initial sample. Our follow up sample contains 16 e-company firms, 12 net hardware companies, 16 net software and service companies, and 6 net communication companies. See Table 1 for a list of firms in our follow-up sample.

Because a change in composition of the Fortune e50 could bias our results when comparing privacy policy disclosures over time, we also examine changes in the online privacy policies of the surviving e50 firms. See Table 2 for a list of firms included in both our initial and follow-up samples.

The web site of each of the firms in the study was examined for an online privacy policy. Most firms had privacy policies listed online. However, if no privacy policy was found on a firm's web site, an email was sent to the firm stating that we were conducting research on online privacy policies and were unable to find a privacy policy on their web site. The email then requested that any information regarding their firm's online privacy policy be emailed to us.

RESULTS

Results from Initial Sample

The results from our initial sample show that 84% of the Fortune e50 firms have online privacy policies with all of the ECF and NCC having privacy policies, 73% of the NSSC providing privacy policies, and 67 % of the NHC listing privacy policies. Most e50 firms opt not to use privacy policy verification services, e.g., TRUSTe, with certification ranging from 44% (ECF) to 25% (NHC). The most prevalent verification service is TRUSTe (used by 30% of e50 firms), while the least used are WebTrust and eSure (each used by 2% of the e50 firms). The only other privacy policy verification service used by the e50 firms is BBB Online which is used by 8% of e50 firms. Very few firms use multiple certification services (4%).

The majority of e50 firms disclose what information is collected by their websites (68%), how collected information is used (80%), how information is shared (76%), whether or not cookies are used (68%), how collected information is secured (68%), how consumers can opt out of online programs (64%), how consumers can review, change or correct their information (60%), and how the company may be contacted with questions about their privacy policy (60%). However, most of the e50 firms do not disclose information about consumer choices regarding data use (18%), a separate privacy statement for children (18%), privacy policies of linked sites (34%), whether information disclosed by email is collected or used (36%), or revisions to their privacy policy (48%). See Table 2 for a listing of the types of information provided by firms within each subsector in our initial sample.

Results from Follow-Up Sample

The results of our follow up sample indicate that more firms have online privacy policies than in our initial sample (92% vs. 84%); however, fewer of the firms chose to utilize a third-party, privacy certification service (34% vs 36%). Significantly more firms chose to disclose important information about online consumer privacy. Some of the more important increases in privacy disclosures are related to what information is collected (88% vs 68%), how information is used (90% vs 80%), the privacy policies of linked web sites (64% vs 34%), how consumer information is secured (82% vs 68%), and how to determine if the company's privacy policy has changed (66% vs 48%). The only area where disclosure declined is related to how information collected via email is used (24% vs 36%). Also it is notable that less that the majority of firms in the follow-up sample disclosed information related to consumer choice of information use (24%), online privacy and children (42%), and how information collected via email is used (24%). See Table 2 for a listing of the types of information provided by firms within each subsector in our follow-up sample.

Results from Surviving Firm Sample

Because the composition of firms in the initial sample and follow-up sample differ, results from comparing the contents of the online privacy policies of these two samples may be partially driven by the differences in sample composition. Consequently, in order to better understand how ebusiness firms have modified their online privacy policies in response to consumer and government pressure, we examine the temporal differences in the online privacy policies of firms in both the original and follow-up samples (surviving firms). See table 3 for a listing of the surviving firms and table 4 for data related to the surviving firms' information.

Performing a temporal comparison of the online privacy policies of the surviving firms yields the following results. Slightly more firms have an online privacy policy in the follow-up sample of surviving firms (91%) compared to the original sample of surviving firms (87%). This is due to an increase of online privacy policies among the NHC firms (80% vs 70%). The percentage of surviving firms using privacy policy certification services experienced a slight decline across time (47% vs 43%). However, it is interesting to note that a decline in privacy policy certification services was experienced in the ECF (27% vs 45%) and NHC (20% vs 30% firms while an increase was experienced among the NCC (100% vs 50%) and NSSC firms (86% vs 71%). Additional investigation is required to explain this phenomenon. Also, no surviving e50 firms use the WebTrust or eSure services in the follow-up sample. This is partially due to the fact that eSure was a service of Arthur Andersen whose business and reputation were devastated as a result of the Enron scandal. The reason for a drop in the percentage of firms using WebTrust is unknown; however, since only one firm used WebTrust in the initial sample, further investigation is needed to clarify this issue.

Significantly more firms in the follow-up sample disclose what information is collected (87% vs 70%) compared to the initial sample; however, only slightly more firms in the follow-up sample disclose how collected information is used (87% vs 83%) compared to the initial sample. Although significantly more NSSC firms disclosed information regarding consumer choice about data use (57% vs 29%), the overall percentage of firms disclosing such information declined (23% vs 27%). This is due to declines in disclosures of this information in the ECF (9% vs 18%) and NHC (10% vs 30%) sectors. The decline in overall disclosure of consumer choice information is counter to the results from the samples composed of all e50 firms.

Many more firms in all four sectors disclosed information about the privacy policies of linked sites (53% vs 30%) while a slight decrease in firms disclosing information regarding data sharing with related companies was noted (53% vs 60%). The latter result is driven by the fact that fewer firms in the ECF (73% vs 82%) and NCC (0% vs 100%) sectors and is counter to the result obtained using the samples composed of all Fortune e50 firms. A large decline was noted in the number of firms disclosing information related to the privacy of data collected via email (33% vs 50%). All of the sectors except ECF experienced declines in the disclosure of this information.

Significantly more firms disclosed information related to children's privacy in the follow-up sample compared to the initial sample (53% vs 37%). However, a decline was experienced in the percentage of firms disclosing information regarding the ability of consumers to review, change or correct their personally identifiable information (63% vs 70%). This result is counter to the result obtained from the full samples of firms and is due to a large decline in the reporting of this information in the NCC sector (0% vs 100%) a small decrease in the NHC sector (60% vs 70%) and an increase in the NSSC sector (86% vs 71%). Finally, slightly fewer firms reported information about consumer ability to opt out of specified programs (generally email) (73% vs 77%), which is counter to the result from the full samples of firms, while significantly more firms disclosed information about changes in their privacy policies (70% vs 53%).

CONCLUSIONS

Online privacy is a major concern of individuals spending time on the Internet. Most Fortune e50 firms provide basic information about online consumer privacy. However, certain important aspects of online consumer privacy are lacking in the privacy policies of the Fortune e50 firms. Surprisingly, most of the Fortune e50 firms do not have independent certifications of their online privacy policies. Our results also indicate that the percentage of overall firms disclosing information regarding what information is collected and how it is used. We also find that the reporting of information related to data sharing and consumer choice about data use has increased in the overall samples of firms; however, the number of surviving firms that disclosed information about consumer choice about data use declined, as did disclosure of information about data sharing with affiliated companies.

Significantly more firms report information about the privacy policies of linked sites but the disclosure of information about the privacy of data collected via email declined. More firms report information regarding the use of cookies, the security of consumer information, and online privacy of children. And although more firms overall report information related to consumer ability to review, change or correct their personally identifiable information and the ability of consumers to opt out of online or email programs, fewer surviving firms do so. Finally, significantly more firms disclose information about changes in their privacy policies.

In summary, it appears that disclosures in the online privacy policies of the Fortune e50 increased from 2000 to 2003. However, several areas of disclosure are still in need of improvement, particularly information related to consumer choice about data use, the privacy of data collected via email, and children's online privacy. Also, declines in the disclosure of certain information among the surviving firms were noted. If online firms fail to continue to adopt more comprehensive online privacy policies, possible implications are that more consumers may elect not to shop online, and that the Federal Government may introduce more legislation to protect online consumer privacy. Either of these situations will exacerbate the difficulties many online firms currently are experiencing and may result in further disillusionment with and capital flight away from online companies. Also, the fact that identity theft and online fraud continue to grow is putting additional pressure on online firms to disclose more information regarding online consumer privacy.

Difficulties that online firms may experience in developing privacy policies are that consumer expectations regarding privacy policies may shift, requiring online firms to modify their privacy policies accordingly. Another difficulty of developing and maintaining an online privacy policy is related to the number of countries that have enacted laws to protect consumer privacy. Because online firms engage in transactions around the world, ideally their privacy policies would address the concerns of the consumer privacy laws of the countries in which they have customers. However, hundreds of consumer privacy laws have been enacted in numerous countries across the world and, consequently, it would be virtually impossible to incorporate the requirements of all of these laws into a single online privacy policy. A possible solution to this dilemma is to have multiple online privacy policies for different regions of the world; however, ensuring compliance with all of these privacy policies would be very time consuming and expensive.

REFERENCES

Acxiom.com (2000a). What Every Consumer Should Know. Retrieved July, 10, 2001, from http://www.acxiom.com.au/DisplayMain/0,1494,USA~en~777~3144~0~0,00.html

Acxiom.com (2000b). Penalties for Non-Compliance: What Happens if a Company Doesn't Honor Privacy Preferences? Retrieved July 10, 2001, from http://www.acxiom.com.au/DisplayMain/0,1494,USA~en~580~3193~0~0,00

Electronic Frontier Foundation (2001). Judge Rules Alleged DoubleClick Privacy Violations Sufficient to Go to Trial-Electronic Frontier Foundation Urges DoubleClick to Adopt Opt-In Privacy Protections. Media Release, June 6, 2001. Retrieved August 21, 2001, from http://www.eff.org/legal/cases/DoubleClick_cases/ 20010606_eff_doubleclick_pr.html

Gill, Lisa (2001). Protesters Blast Macy's Online Privacy Policies. NewsFactor.com. June 13, 2001. Retrieved August 21, 2001, from http://www.newsfactor.com/ story.xhtml?story_id=11222

Guernsey, Lisa (2001). When It Came to Privacy on EBay: No Became Yes. The New York Times Online Edition. January 11, 2001. Retrieved July 10, 2001, from http://tech2.nytimes.com/mem/technology/ techreview.html?res=980DE4D8113AF932A25752C0A9679C8B63&oref=login

Online Privacy Alliance (2000). Creating Consumer Confidence Online: Five Essential Elements to Online Privacy. Retrieved July 10, 2001, from http://www.privacyalliance.org/resources/OPA_brochure.pdf

Stellin, Susan (2000). Sale of Data Raises Privacy Worries. The New York Times. December 4, 2000.

Harlan L. Etheridge, University of Louisiana at Lafayette

Kathy H. Y. Hsu, University of Louisiana at Lafayette

Table 1--Samples of Firms Used in Study

Initial Sample Follow-Up Sample
JDS Uniphase Network Appliance Corporation
Juniper Networks Qualcomm Inc
Lucent Technologies Sun Microsystems Inc
Network Appliance Corporation Tellabs Inc
Qualcomm Inc Texas Instruments Inc
Sun Microsystems Inc NET SOFTWARE & SERVICE COMPANIES
NET SOFTWARE & SERVICE COMPANIES BEA Systems Inc
Ariba Check Point Software Technologies
BroadVision Citrix Systems Inc
Cambridge Technology Partners Intuit Inc
Citrix Systems Inc Macromedia Inc
Exodus Microsoft Corporation
Inktomi Network Associates
Intuit Inc Oracle Corporation
Macromedia Inc PeopleSoft Inc
Microsoft Corporation S1 Corporation
Network Associates Siebel Systems
Oracle Corporation Symantec Corporation
Razorfish TIBCO Software Inc
Security First Technologies Verisign Inc
TMP Worldwide Veritas Software Corporation
VeriSign Inc

Table 2--Privacy Policy Results Summarized by Sector--All Firms

 Initial Sample

Items of Interest Total ECF NCC NHC NSSC

Disclosure of Privacy 84.0% 100.0% 66.7% 73.3% 100.0%
 Policy
Use of Privacy Policy 36.0% 44.4% 25.0% 33.3% 40.0%
 Certification
BBB Online 8.0% 0.0% 16.7% 0.0% 40.0%
TRUSTe 30.0% 44.4% 16.7% 33.3% 0.0%
WebTrust 2.0% 5.6% 0.0% 0.0% 0.0%
eSure 2.0% 5.6% 0.0% 0.0% 0.0%
What Information 68.0% 77.8% 66.7% 53.3% 80.0%
 Collected
How Information is Used 80.0% 88.9% 66.7% 73.3% 100.0%
Disclosure of Data Sharing 76.0% 94.4% 41.7% 73.3% 100.0%
Consumer Choice About Data 18.0% 11.1% 25.0% 13.3% 40.0%
 Use
Privacy Policies of Linked 34.0% 27.8% 25.0% 46.7% 40.0%
 sites
Data Sharing with 58.0% 88.9% 25.0% 46.7% 60.0%
 Affiliated companies
Privacy of Data Collected 36.0% 44.4% 33.3% 26.7% 40.0%
 Via Email
Use of Cookies 68.0% 88.9% 66.7% 53.3% 40.0%
Security of information 68.0% 77.8% 50.0% 66.7% 80.0%
Children's Privacy 34.0% 44.4% 16.7% 20.0% 80.0%
Review, Change or Correct 60.0% 66.7% 58.3% 46.7% 80.0%
 Information
Ability to Opt Out 64.0% 61.1% 58.3% 66.7% 80.0%
Revisions of the Privacy 48.0% 61.1% 33.3% 40.0% 60.0%
 Policy
How to Contact Us 60.0% 66.7% 50.0% 60.0% 60.0%

 Follow-Up Sample

Items of Interest Total ECF NCC NHC NSSC

Disclosure of Privacy 92.0% 94.1% 83.3% 93.8% 100.0%
 Policy
Use of Privacy Policy 36.0% 23.5% 25.0% 50.0% 60.0%
 Certification
BBB Online 8.0% 5.9% 16.7% 0.0% 20.0%
TRUSTe 32.0% 23.5% 16.7% 50.0% 40.0%
WebTrust 0.0% 0.0% 0.0% 0.0% 0.0%
eSure 0.0% 0.0% 0.0% 0.0% 0.0%
What Information 88.0% 82.4% 83.3% 93.8% 100.0%
 Collected
How Information is Used 90.0% 94.1% 75.0% 93.8% 100.0%
Disclosure of Data Sharing 82.0% 82.4% 58.3% 100.0% 80.0%
Consumer Choice About Data 24.0% 17.7% 8.3% 43.8% 20.0%
 Use
Privacy Policies of Linked 64.0% 52.9% 58.3% 68.8% 100.0%
 sites
Data Sharing with 58.0% 82.4% 41.7% 50.0% 40.0%
 Affiliated companies
Privacy of Data Collected 24.0% 41.2% 8.3% 12.5% 40.0%
 Via Email
Use of Cookies 76.0% 70.6% 66.7% 81.3% 100.0%
Security of information 82.0% 82.4% 75.0% 81.3% 100.0%
Children's Privacy 42.0% 47.1% 41.7% 25.0% 80.0%
Review, Change or Correct 64.0% 76.5% 66.7% 62.5% 20.0%
 Information
Ability to Opt Out 70.0% 70.6% 50.0% 87.5% 60.0%
Revisions of the Privacy 66.0% 58.8% 50.0% 75.0% 100.0%
 Policy
How to Contact Us 68.0% 70.6% 66.7% 68.8% 60.0%

TABLE 3--SURVIVING FIRMS

ECOMPANY FIRMS NET COMMUNICATION COMPANIES
Amazon.com Inc AT and T Corporation
AOL Time Warner Inc SBC Communications Inc
Charles Schwab Corporation NET HARDWARE COMPANIES
DoubleClick Inc Broadcom Corporation
E Trade Group Inc Cisco Systems Inc
EarthLink Inc Dell Inc.
eBay Inc EMC Corporation
FreeMarkets Intel Corporation
Knight Trading Group Inc International Business Machines
RealNetworks Inc Juniper Networks
Yahoo! Inc Network Appliance Corporation
NET SOFTWARE COMPANIES Qualcomm Inc
Citrix Systems Inc Sun Microsystems Inc
Intuit Inc
Macromedia Inc
Microsoft Corp
Network Associates
Oracle Corporation
Verisign Inc

Table 4--Privacy Policy Results Summarized by Sector

 Initial Sample--Surviving Firms

Items of Interest Total ECF NCC NHC NSSC

Disclosure of Privacy 86.7% 90.9% 100.0% 70.0% 100.0%
 Policy
Use of Privacy Policy 46.7% 45.5% 50.0% 30.0% 71.4%
 Certification
BBB Online 10.0% 0.0% 50.0% 20.0% 0.0%
TRUSTe 40.0% 45.5% 0.0% 20.0% 71.4%
WebTrust 3.3% 9.1% 0.0% 0.0% 0.0%
eSure 3.3% 9.1% 0.0% 0.0% 0.0%
What Information is 70.0% 63.6% 100.0% 70.0% 71.4%
 Collected
How Information is Used 83.3% 81.8% 100.0% 70.0% 100.0%
Disclosure of Data 76.7% 90.9% 100.0% 40.0% 100.0%
 Sharing
Consumer Choice About 26.7% 18.2% 50.0% 30.0% 28.6%
 Data Use
Privacy Policies of 30.0% 18.2% 50.0% 30.0% 42.9%
 Linked sites
Data Sharing w/Affiliated 60.0% 81.8% 100.0% 20.0% 71.4%
 companies
Privacy of Data Collected 50.0% 54.6% 50.0% 40.0% 57.1%
 Via Email
Use of Cookies 76.7% 81.8% 0.0% 70.0% 100.0%
Security of information 76.7% 81.8% 100.0% 60.0% 85.7%
Children's Privacy 36.7% 36.4% 100.0% 20.0% 42.9%
Review, Change, Correct 70.0% 63.6% 100.0% 70.0% 71.4%
 Information
Ability to Opt Out 76.7% 63.6% 100.0% 70.0% 100.0%
Revisions of the Privacy 53.3% 63.6% 100.0% 30.0% 57.1%
 Policy
How to Contact Us 73.3% 72.7% 100.0% 60.0% 85.7%

 Follow-Up Sample--Surviving Firms

Items of Interest Total ECF NCC NHC NSSC

Disclosure of Privacy 90.0% 90.9% 100.0% 80.0% 100.0%
 Policy
Use of Privacy Policy 43.3% 27.3% 100.0% 20.0% 85.7%
 Certification
BBB Online 10.0% 0.0% 50.0% 20.0% 0.0%
TRUSTe 40.0% 27.3% 50.0% 20.0% 85.7%
WebTrust 0.0% 0.0% 0.0% 0.0% 0.0%
eSure 0.0% 0.0% 0.0% 0.0% 0.0%
What Information is 86.7% 81.8% 100.0% 80.0% 100.0%
 Collected
How Information is Used 86.7% 90.9% 100.0% 70.0% 100.0%
Disclosure of Data 80.0% 81.8% 100.0% 60.0% 100.0%
 Sharing
Consumer Choice About 23.3% 9.1% 50.0% 10.0% 57.1%
 Data Use
Privacy Policies of 53.3% 36.4% 100.0% 60.0% 57.1%
 Linked sites
Data Sharing w/Affiliated 53.3% 72.7% 0.0% 30.0% 71.4%
 companies
Privacy of Data Collected 33.3% 63.6% 0.0% 10.0% 28.6%
 Via Email
Use of Cookies 76.7% 72.7% 100.0% 60.0% 100.0%
Security of information 76.7% 72.7% 100.0% 70.0% 85.7%
Children's Privacy 53.3% 54.6% 100.0% 40.0% 57.1%
Review, Change, Correct 63.3% 63.6% 0.0% 60.0% 85.7%
 Information
Ability to Opt Out 73.3% 72.7% 100.0% 50.0% 100.0%
Revisions of the Privacy 70.0% 72.7% 100.0% 50.0% 85.7%
 Policy
How to Contact Us 73.3% 63.6% 100.0% 70.0% 85.7%