internet privacy and security

8/6/2019 Internet Privacy and Security

1/9

Internet Privacy and Security: An Examination of Online Retailer DisclosuresAuthor(s): Anthony D. Miyazaki and Ana FernandezSource: Journal of Public Policy & Marketing, Vol. 19, No. 1, Privacy and Ethical Issues inDatabase/Interactive Marketing and Public Policy (Spring, 2000), pp. 54-61Published by: American Marketing AssociationStable URL: http://www.jstor.org/stable/30000487 .

Accessed: 23/04/2011 12:39

Your use of the JSTOR archive indicates your acceptance of JSTOR's Terms and Conditions of Use, available at .http://www.jstor.org/page/info/about/policies/terms.jsp . JSTOR's Terms and Conditions of Use provides, in part, that unlessyou have obtained prior permission, you may not download an entire issue of a journal or multiple copies of articles, and youmay use content in the JSTOR archive only for your personal, non-commercial use.

Please contact the publisher regarding any further use of this work. Publisher contact information may be obtained at .http://www.jstor.org/action/showPublisher?publisherCode=ama . .

Each copy of any part of a JSTOR transmission must contain the same copyright notice that appears on the screen or printedpage of such transmission.

JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide range of content in a trusted digital archive. We use information technology and tools to increase productivity and facilitate new formsof scholarship. For more information about JSTOR, please contact [email protected].

American Marketing Association is collaborating with JSTOR to digitize, preserve and extend access to Journal of Public Policy & Marketing.
http://www.jstor.org/action/showPublisher?publisherCode=amahttp://www.jstor.org/stable/30000487?origin=JSTOR-pdfhttp://www.jstor.org/page/info/about/policies/terms.jsphttp://www.jstor.org/action/showPublisher?publisherCode=amahttp://www.jstor.org/action/showPublisher?publisherCode=amahttp://www.jstor.org/page/info/about/policies/terms.jsphttp://www.jstor.org/stable/30000487?origin=JSTOR-pdfhttp://www.jstor.org/action/showPublisher?publisherCode=ama


2/9


3/9

Journal of Public Policy & Marketing 55

viewed, even from a legal perspective, as a distinct con-sumer right (Goodwin 1991). With respect to online shop-ping, recent research by Rohm and Milne (1998) demon-strates that a majority of Internet users-both those whohave made online purchases and those who have not-haveseveral concerns regarding information privacy, includingissues related to the acquisition and dissemination of con-

sumer data.In conjunction with information privacy, security (partic-ularly information heft and misuse) also has been labeled akey concern of e-commerce by various government and con-sumer organizations e.g., Brinkley 1998; Consumer ReportsOnline 1998; Cyberspace Law Institute 1999; Federal TradeCommission 1998a; National Consumers League 1999) aswell as many articles in trade publications and the popularpress (e.g., Briones 1998; CNN 1999; Folkers 1998; Judge1998; Machrone 1998; Rothfeder 1997). These two issuesare interrelated, because when the protection of consumerprivacy is considered, he secure storage and transmission ofconsumer information ontained n organizational databasesalso are viewed as the

responsibilitiesof

participant rgani-zations (Federal Trade Commission 1998a; Jones 1991).From a public policy perspective, consumers are assumed

to have certain rights to privacy and security of their infor-mation when conducting online transactions. Publicityregarding hese issues has sparked everal calls for legislation(see Bloom, Milne, and Adler 1994; Milne 1997) that vary asto their requirements or changes in practices versus simpledisclosure of practices. Presumably, hanges n online retailerpractices hat are deemed consumer riendly will build onlineshoppers' confidence with respect to their future purchasingactivities. Conversely, increasing media coverage of theseissues may decrease consumer onfidence by highlighting herisks involved in online shopping and thus deter full con-sumer adoption of e-commerce (Judge 1998). Therefore, herole of policymakers s twofold: to facilitate the adoption ofonline shopping with its proposed market efficiencies andsimultaneously to protect and inform consumers by makingrisks of Internet ommerce known to all potential and activeparticipants. From a marketing perspective, he disclosure ofonline retailer practices may serve both to inform consumersabout risks of online practices and to reduce consumer riskperceptions and increase purchase behavior.

Online Disclosure of Privacy- andSecurity-Related Practices

Appropriateonline retailer

practices regardingthe

privacyand security of consumer nformation are the topic of muchrecently proposed or enacted egislative measures. For exam-ple, proposed regulation, such as the Consumer InternetPrivacy Protection Act of 1999 (H.R. 313), the OnlinePrivacy Protection Act of 1999 (S. 809), and the InboxPrivacy Act of 1999 (S. 759), all examine at least one aspectof online acquisition and disclosure of consumer nformation.The recently enacted Children's Online Privacy ProtectionAct of 1998 (16 C.F.R. Part 312), which applies to childrenyounger than 13 years of age, is even more restrictive n thedisclosure and consumer contact requirements hat may beimposed on certain ypes of Web sites. Similar egislation hasbeen proposed regarding nternet ecurity issues such as the

E-Privacy Act (S. 2067) and the Secure Public Networks Act(S. 909), both of which deal with encryption rights and stan-dards regarding domestic and international -commerce.

In general, policymakers are tending toward regulationsthat make online retailers responsible for disclosing con-sumer information acquisition, usage, and protection prac-tices. In fact, disclosure of online information privacy prac-tices has been the

subjectof several recent Federal

TradeCommission (FTC) investigations, including one in March1998 wherein more than 90% of examined Web sites (morethan 1400 in total) collected some type of personal nforma-tion from visitors to their pages. In contrast, only 14% of the674 commercial Web sites examined provided any type ofnotification regarding nformation collection practices, andonly 2% provided comprehensive privacy policies (FTC1998d; see also FTC 1999). A more recent examination byCulnan (1999a) finds that 65.9% of the 361 ".com" Websites examined provided at least one type of privacy disclo-sure (see Culnan 1999b).

Online Retailer Responses o Privacy ConcernsConsidering the privacy and security issues raised by gov-ernment and consumer groups, we now outline three key pri-vacy concerns and three online retailer methods of dealingwith perceived security problems Table I presents he vari-ous types of online retailer responses to privacy and securityissues). We then discuss how the disclosure of such infor-mation may relate to consumer perceptions and intentions.

Online Customer IdentificationOf concern o policymakers s whether and to what degree anonline retailer collects personal information rom Web sitecustomers (see Culnan 1995, 1999a). Although several ofthe aforementioned egislative efforts advocate full disclo-

sure of information acquisition activities, most informationprovided to online businesses is done knowingly by con-sumers. There exists, however, the ability for online retailersto identify and gather nformation n repeat visitors to a Website by placing coded information (called "cookies") oncomputer users' hard drives without their knowledge(Samuel and Scher 1999). This information may be com-bined with previously provided personal nformation o trackpatterns of Web site exploration and information searchbehavior.2 The concealed nature of this information cquisi-tion highlights the importance or online retailers o disclosetheir use of cookies or similar technologies so that customerswill know to what degree they will be identified when theyreturn to a

particularWeb site.

Surprisingly,none of the

aforementioned egislation specifically addresses his issue.Online retailers may offer various levels of responses to

customer identification issues. The most extreme position

2Although nternet sers mayadjust heirWeb browsers o reject ll orcertain ypesof cookiesor to warn hem before cookie s placed n theirhard rive,many onsumers ackknowledge f this function. urthermore,several nline product rdering ystems equire he use of cookies o trackselectedproducts o that he purchase rocess an be carried ut. The useof cookies can enable an Internet ser o browse o a particular ite andautomatically e presented with information niquelypreferred y thatuser,whether yconscious hoice i.e., selected tock quotes r news op-ics) or by way of marketer nalysis f online earch nd purchase atterns(i.e., online atalog fferings r banner dvertising hat orrespond o pre-determined ser nterests).


4/9

56 Internet Privacy and Security

Table 1. Online Retailer Responses o Privacy andSecurity ssues

Privacy IssuesaOnline ustomer dentification including se of cookies)

No policy tatement egarding his ssueIdentifies ustomerwhencustomer ogsonto siteIdentifies ustomerwhencustomer ogsonto site unless us-

tomer pts outIdentifies ustomer nly if customer equests uch dentifica-

tion (e.g.,"Remember ame/password")Does not dentify ustomerwhencustomer ogsonto site

Unsolicited ustomer ontactsNo policystatement egarding his ssueUses information o make unsolicited ustomer ontactsUses nformation o make unsolicited ustomer ontacts nless

customer pts outUses information o make unsolicited ustomer ontacts nly f

requested ycustomerUses nformation nly for nternal urposes ithout ontacting

customerDoes not collectany nformation

Distribution f customer nformation o third partiesNo policystatement egarding his ssueShares nformation ithother ompaniesCarefully cautiously) hares nformation ithother ompaniesShares nformation ithother ompanies nless ustomer pts

outCarefully cautiously) hares nformation ithother ompanies

unlesscustomer pts outShares nformation ithother ompanies nly f requested y

customerDoes not share nformation ithother ompaniesDoes not collectany nformation

Security ssuesSecure ransactions

Online redit ard ecurity uarantees

Alternative ayment ptions

aRetailer esponses or privacy ssuesare ordered rom east favorable omost avorable rom consumer rivacy erspective.

(perhaps preferred by strict privacy advocates) is never toidentify customers when they access a site. Alternatively, aconsumer

opt-inchoice would allow such identification to

occur only if the customer explicitly requests such a practice(e.g., checking a box that asks the online retailer o "remem-ber my name and password"). Negative option, or opt-out,choices, which have been suggested by several legislativeefforts and are often practiced in mail-order marketing(Milne 1997), enable consumers to prohibit automatic den-tification by either checking an opt-out box during initialregistration or separately contacting the online retailer andrequesting that such identification does not occur. An evenless desirable level of response from a consumer privacyperspective would be constant identification of consumersas they access the Web site, without an opt-out alternative.Finally, the response most likely seen by policymakers as

the least favorable is the lack of any communication o theInternet user regarding the online customer identificationpractices of the particular retailer (Brinkley 1998; FTC1998b).

UnsolicitedCustomer ContactsThe practice of collecting consumer information for one

purpose and then using that information o make unsolicitedcontacts has long been a privacy issue (see Goodwin 1991;Milne 1997). With respect to the Internet, the majority oflegislative efforts address unsolicited customer contacts as acommon concern for consumers and thus one of two keyissues for regulation. As with online customer identifica-tion, responses to the unsolicited contact concerns vary as tothe level of privacy protection hey offer. At the most favor-able level (from a privacy perspective), online retailerswould not collect any information from consumers, thusprohibiting he retailers rom making unsolicited contacts. Asimilar situation would involve the collection of personallyidentifying information combined with the presence of apolicy that the information would not be used for contactingcustomers. Opt-in and opt-out policies represent the nexttwo levels of response; the latter is the most commonresponse in current direct marketing activities (see Milne1997).3

Customer nformation DistributionThe other key regulatory ssue is the degree to which customerinformation will be shared i.e., rented or sold) to third partiesthat have marketing-related nterests n such data. Though animportant ssue in much privacy research e.g., Culnan 1995;Goodwin 1991; Milne 1997), this concern has just begun toreceive interest with respect o online shopping, particularly nlight of the aforementioned egislative efforts. Possible online

retailer responses to information distribution concerns aresimilar to those listed previously for customer contacts (i.e.,not collecting information and opt-in and opt-out choices).One aspect of information isclosure hat differs from the cus-tomer contact ssue is that companies may provide assurancethat hey will share nformation electively, that is, with otherparties hat will (1) make offerings to the consumer hat willbe of interest o the consumer and/or (2) use responsibly heinformation hat s shared. These levels of response would pre-sumably be favored by consumers over more general state-ments of sharing nformation. n support of this, Milne (1997)finds that consumers are more willing to allow the transfer fpersonal nformation when response cards state that personalinformation will be provided to "mail-order businesses thathave products or services that we think will be of interest oyou" rather han when response cards state that the informa-tion will be provided merely to mail-order businesses.

Online Retailer Responses o Security ConcernsA key security concern involved in online shopping pertainsto unauthorized hird-party access of consumers' personal

3Although onsumersmay have certain ights o opt out of a customercontactprocedure egardless f the disclosure f such a policy,we focusondisclosure ecausemany consumers ave been shown o be unaware ftheir ightswithrespect o database rivacy ssuesand particularly pt-outprocedures see Rohm ndMilne 1998).


5/9

Journal of Public Policy& Marketing 57

and financial information. Consumer concerns regardingthis issue are highlighted because of publicized securitybreaches of online retailer database information, such asHallmark's discovery that consumers' personal electronicgreeting card messages (on what was likely thought of as asecure site) were actually available to anyone using thesite's search engine (CNN 1999). Given that the presence of

online security concerns may curtail purchase behavior, thealleviation of these concerns would seem to be a key focusof online retailers. We now discuss three potential onlinecommunication practices presumably designed to reduceconsumers' security concerns.

Secure TransactionsThe protection of the online transaction of information(whether personal or financial) is a technological issue. YetInternet security advocates suggest that retailers provideconsumers with information regarding the safeguarding oftransactions, either with clearly labeled "secure servers" orprominent links to security policies (Consumer ReportsOnline

1998; FTC 1998a). Thus,in addition to the actual

provision of secure transaction technology (e.g., secureservers, secure sockets layer encryption), online retailershave been counseled to assuage the concerns of consumersby communicating he security of their online informationsystems.

Online Credit Card Security GuaranteesTo diminish consumer security concerns (see NationalConsumers League 1999) even further, ome online retailershave implemented consumer guarantees against credit cardfraud hat may occur as a result of online divulgence of creditcard information e.g., Amazon.com's safe shopping guar-antee or Wal-mart's online security guarantee). These guar-antees, which sometimes reference the Fair Credit BillingAct (15 U.S.C. 1601-67), typically pledge reimbursementof unauthorized harges made to a credit card f such chargesresulted from purchasing hrough he online retailer's securesystem. Because the maximum retailer liability for such aguarantee would typically be $50 and because cases ofonline credit card fraud from security breaches are reportedas very infrequent, his retail practice would likely serve as areasonable method of allaying consumer concerns.

Alternative Payment OptionsA key consumer concern of online shopping is the intercep-tion of credit card information National Consumers League

1999). A viable retailer response would be the provision ofalternative payment (or ordering) options that enable theonline customer to shift certain components of the transac-tion to the Internet e.g., information acquisition, ordering)while still conducting more vulnerable components (e.g.,actual payment) offline. Several online retailers offer con-sumers the opportunity to complete and submit ordersthrough the Internet, combined with telephone or facsimiletransmission of credit card nformation. Some Web sites alsosuggest mailing, faxing, telephoning, or e-mailing both theorder and the payment if the consumer has concerns over acomplete Web site transaction. Offering alternative paymentmethods is not seen as an ideal retailer response, because theefficiencies of Internet ordering and payment are sacrificed

as the percentage of offline purchase ransactions ncreases.Thus, although this practice may reduce consumer concern,it may also reduce actual online purchasing.

Privacy and Security Disclosures and ConsumerBehaviorAlthough efforts to implement mandatory disclosure of the

previous issues and practices are based on a consumer pri-vacy perspective, the disclosure of privacy and securityinformation may also be useful from a marketing strategyperspective. Specifically, if concerns about privacy andsecurity issues tend to raise risk perceptions and lower pur-chase likelihoods, higher levels of privacy- and security-related disclosure may be useful in stemming such concerns.This, in turn, would be expected to result in lower consumerrisk perceptions and higher purchase ikelihoods. Thus, it isexpected that the percentage of Web sites with (1) privacy-related statements and (2) security-related tatements for aparticular hopping category will be negatively related toconsumer risk perceptions regarding online shopping n that

categoryand would be

positivelyrelated o consumer online

purchase ntentions n that category.

Method and ResultsExamination of Web SitesWeb sites for 381 commercial enterprises based n the UnitedStates and targeting U.S. consumers were visited in the firsttwo months of 1999 and were examined with respect to theprivacy and security ssues raised previously. The Web siteswere randomly ampled from three popular hopping portals(excite.com, yahoo.com, and netscape.com), and each sitewas placed into one of 17 shopping categories that appearedto be the main emphasis of each site's sales efforts at thattime. The 17 categories were fairly common across the por-tal sites and represent a broad array of goods. (A list of spe-cific Web sites is available upon request rom the authors.)

Trained researchers accessed each Web page; searchedfor any information pertaining to privacy and securityissues; and printed he pages on which this information wasfound, pages with links to such information, and the sitehome page (i.e., initial starting page). Each Web site wasthen coded (see Table 1) by the authors with respect to itsinformation egarding 1) customer dentification includingthe use of cookies), (2) customer contact, and (3) informa-tion sharing. The sites were also coded according to thepresence or absence of written information regarding (I)

secure transaction ystems, (2) credit card fraud guarantees,and (3) alternative ordering methods.4 Initial coding agree-ment was high (93% across all variables), and disagree-ments were resolved by discussion. Although the generalapproach used here is comparable o that reported by one ofthe FTC's (1998d) recent studies on e-commerce, the cur-rent research reports not only the presence of informationprivacy and/or security disclosure but also the type and levelof disclosure.

4Third-party ndorsements e.g., seals of approval uch as VeriSign,TRUSTe, ndCPA WebTrust) erenotexamined nthisstudy, orwas heactivation f secure ink icons (i.e., a locked padlock r unbroken ey),whichappear n popularWeb browsers.


6/9


Table 2. Incidence f Privacy- and Security-Related tatements n Commercial Web Sitesa

ConsumerPrivacy-Related tatements Security-Related tatements Perceptions

Customer Infor- Secure Alternative PurchaseShopping Category Identifi- Unsolicited mation Trans- Security Order- Likeli-(Sample Size) cation Contact Sharing Any action Guarantee ing Any Risk hood

Books 21) 33.3 42.9 42.9 61.9 71.4 19.0 61.9 76.2 2.43 3.73Clothing 29) 34.5 44.8 44.8 48.3 55.2 10.3 41.4 62.1 3.95 2.27Computer ardware 13) 61.5 61.5 38.5 69.2 92.3 7.7 53.8 92.3 4.10 2.58Cosmetics/skin are 36) 16.7 36.1 19.4 38.9 47.2 5.6 52.8 61.1 3.86 1.40Department tores 14) 64.3 71.4 64.3 71.4 42.9 7.1 28.6 57.1 3.54 2.18Electronics 12) 58.3 58.3 58.3 75.0 50.0 16.7 33.3 50.0 4.46 2.35Flowers ndgifts (9) 33.3 55.6 55.6 55.6 77.8 0.0 66.7 77.8 3.47 2.77Food and groceries 13) 23.1 46.2 46.2 46.2 61.5 7.7 61.5 76.9 3.95 1.78Hair are 15) 20.0 20.0 40.0 46.7 26.7 0.0 40.0 40.0 3.53 1.43Health oods 25) 16.0 28.0 28.0 32.0 56.0 4.0 72.0 84.0 3.93 1.92Homedecor 27) 7.4 14.8 11.1 22.2 37.0 3.7 51.9 59.3 3.69 1.80Music 51) 17.6 29.4 25.5 45.1 60.8 3.9 49.0 78.4 3.19 3.64Office supplies 35) 17.1 20.0 8.6 25.7 28.6 5.7 31.4 45.7 3.25 2.21 ,Pet supplies 17) 17.6 23.5 17.6 23.5 52.9 0.0 41.2 70.6 3.35 1.28

Rugs and carpets 17) 0.0 5.9 5.9 5.9 11.8 0.0 52.9 52.9 4.10 1.19Sporting oods 35) 8.6 20.0 17.1 28.6 45.7 2.9 40.0 60.0 3.58 2.16Toys and games 12) 41.7 75.0 75.0 83.3 83.3 8.3 33.3 83.3 3.57 2.55Overall 381) 23.1 33.6 29.4 41.5 50.7 5.8 47.5 65.6

aAllnumbers or privacy nd ecurity nformation repercentages f sites within particular ategory hat avesome ypeof notification statement, olicy,and so forth) oconsumers egarding heprivacy r security ssue n question.

bRisk ndpurchaseikelihoodumbersepresentggregated eansrom heconsumerurvey.

Descriptive ResultsThe general results show that the disclosure of online pri-vacy practices has risen since the March 1998 FTC (1998e)survey and is comparable o the March 1999 survey (Culnan

1999a). Although the 1998 FTC study indicates that 14% ofcommercial Web sites made mention of practices related toconsumer nformation privacy and Culnan (1999a) reports a65.9% disclosure rate in March 1999, our data(January/February 999) show overall disclosure (i.e., thepresence of any type of privacy statement) to be 41.5%.(Note that direct comparisons across these studies are notfeasible because of differences in the samples used.) Wepresent the results from the study in Table 2.

For individual types of privacy concerns, disclosure ofpractices related to unsolicited customer contact constituted33.6% (n = 128) of the current ample. Regarding he vari-ous levels of privacy protection, 19 (5.0%) promised nounsolicited contacts, 38 (10.0%) contacted only if requested,60 (15.7%) provided an opt-out alternative, and 11 (2.9%)stated that contacts would occur but did not give an opt-outalternative. The remaining 253 (66.4%) sites provided noinformation regarding unsolicited consumer contacts.5

The sharing of information with other companies was dis-closed by only 112 (29.4%) of the examined online retailers.With respect to privacy protection levels, 65 sites (17.1%)reported no sharing of consumer information; 2 (.5%)shared information only if requested by the customer (anopt-in procedure); 19 (5.0%) carefully shared informationbut provided an opt-out alternative, whereas 16 (4.2%)merely provided the opt-out alternative; 3 (.8%) agreed toshare carefully but had no opt-out procedure; and 7 (1.8%)merely shared nformation without further notification. Theremaining 269 sites (70.6%) had no such privacy statement.

Online customer dentification procedures had the lowestdisclosure rates: Only 88 sites (23.1%) offered this type ofstatement. Nineteen sites (5.0%) explicitly stated that theynever identified customers who access the site, 12 (3.1%)provided an opt-in alternative, 18 (4.7%) provided an opt-out alternative, and 39 (10.2%) stated that they identifiedcustomers but did not provide any opt-out alternatives.

With respect to methods of responding to security con-cerns, 250 sites (65.6%) disclosed at least one of the threesecurity-related ractices described previously. Specifically,193 (50.7%) indicated that transactions were secure, butI

50Ofhe 381 commercialWeb sites n the sample, 8 did not allowa fullpurchase ransaction-including ayment y credit ard-to be madeoverthe Internet. owever,many f thesites tillallowed onpaymentommuni-cation of personal nformation, uch as askingquestions, oining mailinglists, tating roduct references, nd ven online rdering ithpreshipment,postshipment, r CODbilling.Because hese itesstillcollectpersonal ndsome inancial onsumer nformation, anyprivacy dvocates ontend hatthe online retailers hould still disclose privacy and security practices.Nevertheless, e present n this ootnote heaggregate rivacy nd ecurityfigures oronly hoseWeb ites hat llowed redit ard ransactions.

Of the293sitesallowing redit ard ransactions, 46 49.8%) ad ometypeof privacy tatement. isclosure igures or he ndividual ypesof pri-vacy concernswere 118 (40.3%) or unsolicited ustomer ontacts, 102(34.8%) or customer nformation istribution, nd 82 (28%) or onlinecustomer dentification. Regarding ecurity-related tatements, 230(78.5%) ad ome ypeof security tatement, 92(65.5%) ommunicatedthe presence f secure ransaction ystems, 2 (7.5%)had online ecurityguarantees, nd 161 (54.9%) explicitly disclosed alternative aymentmethods.


7/9

Journal f PublicPolicy& Marketing 59

only 22 (5.8%) guaranteed hat security. Finally, 181 sites(47.5%) explicitly offered alternative purchasing methods.

The disclosure rates varied considerably across shoppingcategories. As can be seen in Table 2, Web site categoriessuch as department stores and toys and games had higherpercentages of privacy statements, whereas lower percent-ages were found in categories such as home decor and rugs

and carpets.The Relationship Between E-Retailer Responsesand Consumer PerceptionsTo examine whether he prevalence of privacy and securitydisclosures relates to consumer perceptions, we comparedthe Web site examination detailed previously with a subsetof data from a March 1999 investigation of 160 Internetusers.6 The data are from a pencil-and-paper urvey used toexplore consumers' Internet usage activities and their per-ceptions regarding online shopping. Among other items notexamined here, the questionnaire ncluded purchase ikeli-hood and risk perception measures for 17 categories of

goods sold online at the time of the study; these categoriesmatched those used for the Web site examination. Purchaselikelihood for each category was measured with a seven-point response item that asked how likely respondents wereto make Internet purchases or each shopping category andwas anchored with "very unlikely" 1) and "very ikely" (7).Risk perception was assessed by asking how risky onlinepurchases are in each category on a scale anchored with "notrisky" 1) and "risky" 7).

To assess the expected relationships, he percentages ofprivacy- and security-related tatements from the Web siteexamination (Columns 5 and 9 of Table 2) were comparedwith the risk perceptions and purchase ikelihoods from theconsumer survey at -the shopping category level.Spearman's rank correlations were calculated for each pairof variables.

Although the prevalence of privacy and security state-ments was expected to be negatively correlated with riskperceptions, analyses showed no relationship or either pri-vacy (rs = -.06, n.s.) or security (rs = -.01, n.s.). However,the percentage of privacy statements n a category was pos-itively related (as expected) to category-level online pur-chase likelihoods (rs = .65, p < .01). Likewise, the percent-age of security statements in a category was positivelyrelated to online purchase ikelihoods (rs = .44, p < .05).7

DiscussionIn addition to providing a comparison point with FTC-related research, the present examination of commercial

Web sites delves further nto Internet privacy and securityissues by examining the degree of favorableness of actualonline retailer practices from a privacy policy perspective.In addition, by integrating data from a consumer survey, weshow that a positive relationship xists between the percent-age of privacy- and security-related tatements on Web sitesfor particular online shopping categories and consumers'

online purchase ikelihoods for those categories.8Limitations and Future Research DirectionsAlthough the examination presented here is helpful forunderstanding disclosure practices of online retailers, sev-eral limitations should be addressed in further research.First, the rapid growth of the Internet and online shoppingpractices makes published research uch as this dated by thetime of publication. The examination of online disclosurepractices should be an ongoing research effort, particularlywith respect to how such practices may affect consumer per-ceptions. A second limitation involves the measure of per-ceived risk used in the consumer survey. More-specific

measures of perceived risk would aid in understanding owconsumers perceive the various dimensions of risk withrespect to online shopping. For example, various riskdimensions may be more salient depending on the productcategory that is being considered for online purchase.Finally, instead of examining only perceived risk towardgeneral online shopping, specific assessments of risk regard-ing privacy, online retailer fraud, and the security of onlinetransaction systems would be helpful for understandingthose aspects that may be influenced by online disclosures.

There are several directions that future policy-relatedmarketing research can take to advance knowledge that willbe beneficial to both consumers and businesses. For exam-ple, much of the proposed legislation is targeted towardmandatory disclosures of online retailers' collection, use,and dissemination of consumer data. These disclosures areoften seen by policymakers as necessary information oolsso that consumers can operate with more complete knowl-edge of retailer practices Andrews 1998). The same disclo-sures may be seen by retailers as an opportunity o reduceconsumer concerns regarding privacy issues. An approachsuggested by Milne and Boza (1999) uses concepts fromrelationship marketing o focus online retailer responses toprivacy and security issues so that these responses empha-size the development and improvement of trust betweenmarketers nd consumers. Thus, instead of focusing on con-cerns, the focus shifts to trust, which Milne and Boza

describe as a distinct approach to managing potential pri-vacy issues regarding database management cf. Milne andGordon 1993). Because the method or format of informationdisclosures can affect consumer perceptions and behavior(e.g., Sprott, Hardesty, and Miyazaki 1998), research thatexamines how such approaches can satisfy new legislativerequirements would be helpful. Consumers would receiveRespondents ererandomly olicited n a major nternational irport fa large U.S.city (theeffective esponse atewas84.7%). eeMiyazaki nd

Fernandez 2000) or survey etails, ncluding ample haracteristics.7In upport f our previous uggestion hatalternative rderingmethods

may not be as effective n increasing nlineordering s the other ecurityinformation isclosures, heSpearman's ank orrelation etween lterna-tive ordering methods nd purchase ikelihoodswas nonsignificant rs =.06),whereas hecorrelation etween herate hat ither f the other ecu-rity statements ppeared ndpurchase ikelihoods assignificant r, = .65,p


8/9


the disclosures required by policymakers, and marketerswould enjoy the benefits of increased effectiveness from amanagerial perspective.

Although several legislative efforts appear o be directedat e-commerce, policymakers should continue to evaluatenot only online practice and consumer perceptions but alsoexpert opinion regarding he seriousness of threats such as

undisclosed customer identification and tracking-twoissues that have received little attention n pending legisla-tion. In addition, privacy and security concerns may havedifferential effects on consumer perceptions and behavior,perhaps complicating policymakers' efforts to inform con-sumers of unsafe online practices while still avoidingunnecessary deceleration of Internet adoption rates. Assuch, the barrage of privacy and security warnings ssued toconsumers may have mixed effects on consumer confi-dence, particularly as the Internet becomes perceived as anecessary element of modern life.

An additional concern s the direction n which legislationis headed. Petty (1998) contends that though there will becontinued efforts to reduce

deceptive practices,the

emerg-ing focus will be on reducing unfairness, particularly as itapplies to the targeting of potentially vulnerable audi-ences-a practice that will be increasingly easy to facilitateas Internet-related atabase nformation grows.

As the popularity of the Internet ontinues to rise, the pri-vacy and security issues discussed here will inevitablychange. Future alternatives to credit cards, such as elec-tronic money or "e-cash" Rothfeder 1997), are unlikely torelieve consumer concerns regarding privacy and security.Similarly, online credit card guarantees, though calmingsome system security worries, may do little to resolve pri-vacy concerns. Conversely, third-party ndorsers, such asTRUSTe, Better Business Bureau Online, or WebAssurance Bureau, may be useful in building trust betweenconsumers and participating nline retailers with respect toprivacy but may not resolve security issues. The introduc-tion of security-related eals of approval, however, such asVeriSign and CPA WebTrust, may resolve this concern. Insummary, the solution to many of these matters, from bothprivacy and security perspectives, will likely derive from acombination of strategic actions, such as guarantees orendorsements, and the incorporation of various theoreticalapproaches, such as building trust and adhering to impliedsocial contracts.

ReferencesAndrews, J. Craig (1998), "Warnings nd Disclosures: pecialEditor's Note," Journal of Public Policy & Marketing, 17(Spring), 1-2.

Bloom, Paul N., George R. Milne, and Robert Adler (1994),"Avoiding Misuse f New Information echnologies: egalandSocietal Considerations," ournal of Marketing, 8 (January),98-110.

Brinkley, Joel (1998), "F.T.C. Surfs the Web and Gears Up toDemandPrivacyProtection," ewYorkTimes, September 1),1,4.

Briones, MaricrisG. (1998), "Internet nnovations-and PrivacyIssues-Remain Marketing's iggestStory," Marketing ews,(December ), 1, 16.

Chonko, Lawrence B. (1995), Ethical Decision Making inMarketing. housand aks,CA: Sage Publications.

CNN (1999), "A Hallmark Nightmare: Online Glitch MakesIntimate Messages Public," CNN Interactive, February 2),(accessedFebruary 2), [available t http://cnn.com/US/9902/12/romeos.revealed.ap].

Consumer Reports Online (1998), "Some Bits and Bytes of

Consumer-Friendly ites," special report, accessedFebruary18), [available at http://www.consumersunion.org/SpeciallSamples/Reports/9812shp2.htm].

Culnan,Mary . (1995),"Consumer wareness f Name RemovalProcedures: mplications or Direct Marketing," ournal ofDirect Marketing, 9 (Spring), 10-19.

- (1999a), "Georgetown nternet Privacy Policy Survey:Report o the Federal Trade Commission," June), accessedJuly 27), [available at http://www.msb.edu/faculty/culnanm/gippshome.html].

- (1999b),"Privacy nd he Top 100 Web Sites: Report otheFederal radeCommission," repared or heOnlinePrivacyAlliance, (June), (accessed November 22), [available at

http://www.privacyalliance.org/resources/100_summary.shtml].Cyberspace awInstitute 1999),"The Public PolicyProblems fthe Internet," accessedJanuary 8), [available t http://www.cli.org/selford/problems.htm].

Ernst & Young (1999), "Second Annual Internet ShoppingSurvey," accessedAugust2), [available t http://www.ey.com/industry/consumer/internetshopping].

Federal Trade Commission 1998a), "Consumer rivacy on theWorld Wide Web," prepared tatement presented to theSubcommittee n Telecommunications, rade and ConsumerProtection f the HouseCommittee n Commerce,U.S. Houseof Representatives, ashington, C (July 21).

- (1998b), "Cybersmarts: ips for Protecting Yourself WhenShoppingOnline," July 1998), accessed anuary 9),[availableat http://www.ftc.gov/bcp/conline/pubs/online/cybrsmrt.htm].

- (1998c), "Fraud Could Slow Growth of ElectronicCommerce," TC Press Release June 25), FTC File No. P97-4406.Washington, C:Federal radeCommission.

- (1998d), "FTC Releases Report on Consumers' OnlinePrivacy," TCPress Release June ), FTC File No. 954-4807.Washington, C:Federal radeCommission.

- (1998e), nternet rivacy,prepared tatement resented othe Subcommittee n Courts and Intellectual roperty f theHouse Committee on the Judiciary, U.S. House ofRepresentatives, ashington, C (March 6).

- (1999), FTC International Web Survey: Disclosure ofGeneral Business and Contract-Related nformation by Online

Retailers, presented at U.S. Perspectives on ConsumerProtection n the Global Electronic Marketplace ublic work-shop, (June 8-9), (accessed November 22), [available athttp://www.ftc.gov/bcp/icpw/index.htm].

Folkers, Richard 1998), "Jimmying he Internet: Why the U.S.Encryption tandard s Very Vulnerable," .S.News & WorldReport, September 4),45-46.

Foxman, Ellen R. and Paula Kilcoyne (1993), "InformationTechnology,Marketing ractice, ndConsumer rivacy: thicalIssues," Journal of Public Policy & Marketing, 12 (Spring),106-19.

Goodwin, Cathy (1991), "Privacy: Recognition f a ConsumerRight," Journal of Public Policy & Marketing, 19 (Spring),149-66.


9/9

Journal of Public Policy & Marketing 61

Hoffman, Donna L. and Thomas P. Novak (1996), "Marketingin Hypermedia Computer-Mediated Environments:Conceptual Foundations," ournal of Marketing, 0 (July),50-68.

Holstein,William .,SusanGregory homas, ndFred Vogelstein(1998), "Click 'Til You Drop," U.S. News & World Report,(December ), 42-45.

Jones, MaryGardiner 1991),"Privacy: SignificantMarketingIssue for the 1990s," Journal of Public Policy & Marketing, 10(Spring), 33-48.

Judge, Paul C. (1998), "How Safe Is the Net?" BusinessWeek,(June 22), 148-52.

Machrone, ill (1998),"Trust Me?"PC Magazine, June ), 85.

Milne, George R. (1997), "Consumer articipation n MailingLists: A Field Experiment," Journal of Public Policy &Marketing, 6(Fall), 298-309.

- and Maria-Eugenia oza (1999), "Trust nd Concern nConsumers' erceptions f Marketing nformation anagementPractices," Journal of Interactive Marketing, 13 (1), 5-24.

- and Mary Ellen Gordon 1993), "Direct Mail Privacy-Efficiency Trade-Offs Within an Implied Social ContractFramework," ournal of Public Policy & Marketing, 12 (Fall),206-13.

Miyazaki, Anthony D. and Ana Fernandez 2000), "ConsumerPerceptions f Privacy ndSecurity isks or Online hopping,"working aper, Marketing epartment, niversity f Miami.

National Consumers League (1999), "Consumers n the 21stCentury," May 19), (accessed August 2), [available athttp://www.natlconsumersleague.org/FNLSUM.PDF].

Petty, Ross D. (1998), "Interactive arketing nd the Law: The

Future Rise of Unfairness," ournal of Interactive Marketing, 12(Summer), 1-31.

Rohm,Andrew .andGeorgeR.Milne 1998),"Emerging arketingandPolicy ssues nElectronic ommerce: ttitudes ndBeliefs fInternet Users," n Marketing nd Public Policy Proceedings, Vol.8, Alan Andreasen, lex Simonson, nd N. Craig Smith, eds.Chicago: mericanMarketing ssociation, 3-79.

Rothfeder, effrey 1997), "No Privacy on the Net," PC World,(February), 23-29.

Samuel,Alexandra ndAbby Scher 1999),"CookiesAre Not SoSweet-Online Database Marketing," Dollars & Sense,(January/February), .

Sprott, David E., David M. Hardesty, nd AnthonyD. Miyazaki

(1998), "Disclosure f Odds Information: n ExperimentalInvestigation f Odds Format and Numeric Complexity,"Journal of Public Policy & Marketing, 17 (Spring), 11-23.

internet privacy and security

Documents