It's Like I Thought.

New research – well worth reading – from Accenture on data privacy shows that only 3% of people (15,000 individual adult-age respondents) consider privacy “most important” when participating in online social networks, blogs, or wikis. To provide some context, it’s not that individuals responding to the Accenture survey do not care about privacy altogether: 43% said they consider privacy most important when visiting a health care provider, 39% when browsing the Internet, and 35% when paying bills or buying with a credit card.

I commented in another post that I thought Facebook members would get over the latest privacy dustup and that very few would leave. Now, I think we see why so few are concerned about the Facebook Privacy Settings Scandal: they apparently either really don’t care about their privacy when active in social networks or they don’t yet consider Facebook a public activity (if the latter is the case, they really aren’t paying attention). It may take one or more catastrophic-impact privacy events that affect millions on social networks before there are any mass departures from any of the popular ones.

Some other interesting findings from the report indicate serious differences between individuals and businesses when it comes to data privacy. While some 70% of both business and individual respondents agreed or strongly agreed that organizations have certain obligations when it comes to individuals’ data in the areas of security, disclosure, and dealing with loss of data in their possession, between 40% and 50% of the 5,500 business leaders surveyed:

  • Are either unsure about or actively disagreed with giving people the right to control the type of personal information their companies collected about them or about how the companies used that information. My initial responses are “Wow!” and “I guess I am not terribly surprised.”
  • Do not believe “it’s important or very important to limit the collection and sharing of sensitive personal information, protect consumer privacy rights, prevent cross-border transfers of personal information to countries with insufficient privacy laws and prevent cyber crimes against consumers and data loss or theft.” That’s stunner #1. I would hope I am not dealing with or a customer of those companies.
  • Do not consider important or very important common organizational privacy practices such as “notice, consent, access, redress, security, minimization, and accuracy.” That’s stunner #2. I guess I’d better actually read those disclaimers from now on.

Accenture suggests that industry differences, cultural or regional differences, regulatory differences, and/or lack of clarity about responsibility for data protection and privacy within organizations may be at the root of the business attitudes reflected in the three bullet points.

At this point, it seems, many companies consider data on customers to be their data not the customers’ data. I admit this is a complex issue, but I think there has to be some common ground that enables companies to use the data and individuals to control it – of course, I am not sure what that is yet.

There’s much more in the report, including five key findings I’ve not really addressed here. To my knowledge, this is the first comprehensive survey on this topic that captures both the business and individual perspectives.