Privacy Policy Statements Research Articles

Investigating the Privacy Policy Adoption among Malaysia E-Government Websites: Towards Conceptualizing the E-Privacy Assessment Framework

Malaysia E-government had improved the government services and overcome barriers faced by the public in the offline environment. The government initiatives to safeguard the interest of the public had transcended to include privacy protection. The Personal Data Protection Act 2009 is considered as one of the initiatives that had been successfully passed by the Malaysia Government by April 2010. However, the implementation and governance of the Act is still subjected to minister’s decision. This study aims in parallel with the government initiatives by investigating the adoption of privacy policy among the Malaysia's egovernment websites. This study is importance towards examining the current level of awareness for the importance for privacy protection being provided for the public, before the full enforcement of the Act. Samples of 154 websites were selected by using convenient sampling from Malaysia government portal (http://www.malaysia.gov.my), which comprises of federal and state governments. The evaluation process was done by using personal observation through an adopted indicators of privacy policies from Jamal Maier and Sunder in 2002 by observing the links provided for 'privacy policy statements', 'privacy policy notice' and 'privacy policy'. The study revealed several issues pertaining privacy policy adoption among Malaysia e-government site and highlights few recommendations and future works towards conceptualization of e-privacy assessment framework in Malaysia e-government context.

Evaluating the Readability of Privacy Policies in Mobile Environments

Recent work has suggested that the current “breed” of privacy policy represents a significant challenge in terms of comprehension to the average Internet-user. Due to display limitations, it is easy to represent the conjecture that this comprehension level should drop when these policies are moved into a mobile environment. This paper explores the question of how much does comprehension decrease when privacy policies are viewed on mobile versus desktop environments and does this decrease make them useless in their current format? It reports on a formal subject-based experiment, which seeks to evaluate how readable are privacy policy statements found on the Internet but presented in mobile environments. This experiment uses fifty participants and privacy policies collected from ten of the most popular web sites on the Internet. It evaluates, using a Cloze test, the subject’s ability to comprehend the content of these privacy policies.

South African banks and their online privacy policy statements: A content analysis

In Internet banking and Internet-related transactions, security and privacy are of great concern. To alleviate these concerns, the South African government has promulgated the Electronic Communications and Transactions (ECT) Act No. 25 of 2002. The Act regulates all electronic communication transactions in South Africa. Business organisations implement the Act by, for example, posting a privacy policy statement on their websites, which, in accordance with the requirements of the ECT Act, states how the organisation will use any personal identifiable information provided by the client. This study investigates whether South African banks that subscribe to the ECT Act comply with the principles relating to the protection of a consumer’s personal information. The study employed the research methods of content analysis and interviews. The findings indicate that some banks only complied with a few of the ECT Act principles, which, according to the interview respondents, undermines the levels of trust which are in play between their banks and themselves. The respondents themselves were not fully aware of all the ECT Act requirements. This lack of awareness results in consumers failing to assess the comprehensiveness of their bank’s policy statements and to what extent such banks comply with the ECT Act.

A user-centric evaluation of the readability of privacy policies in popular web sites

This paper reports on a formal subject-based experiment, which seeks to evaluate the readability of privacy policy statements found on the Internet. This experiment uses 50 participants and privacy policies collected from 10 of the most popular web sites on the Internet. It evaluates, using a cloze test, the subjects' ability to comprehend the content of these privacy policies. The paper also compares its results with the results from previous studies on this topic. In general, it finds that privacy policies are "difficult" to comprehend.

Opportunities and threats: A security assessment of state e-government websites

This study assessed the security of the U.S. state e-government sites to identify opportunities for and threats to the sites and their users. The study used a combination of three methods – web content analysis, information security auditing, and computer network security mapping – for data collection and analysis. The findings indicate that most state e-government sites posted privacy and security policy statements; however, only less than half stated clearly what security measures were in action. Second, the information security audit revealed that 98% of the sites secured users' accounts with SSL encryption for data transmission, and the sites' search tools enable public users to search for public information only. Third, although the sites had most of their internet ports filtered or behind firewalls, all of them had their main IP addresses detected and their port 80/tcp open. The study discussed the threats and opportunities and suggested possible solutions for improving e-government security.

Privacy and Health in the Information Age: A Content Analysis of Health Web Site Privacy Policy Statements

This article reports a content analysis of the privacy policy statements (PPSs) from 97 general reference health Web sites that was conducted to examine the ways in which visitors' privacy is constructed by health organizations. PPSs are formal documents created by the Web site owner to describe how information regarding site visitors and their behavior is collected and used. The results show that over 80% of the PPSs in the sample indicated automatically collecting or requesting that visitors voluntarily provide information about themselves, and only 3% met all five of the Federal Trade Commission's Fair Information Practices guidelines. Additionally, the results suggest that the manner in which PPSs are framed and the use of justifications for collecting information are tropes used by health organizations to foster a secondary exchange of visitors' personal information for access to Web site content.

Health information-seeking and perceptions of website credibility: Examining Web-use orientation, message characteristics, and structural features of websites

The study reported here examined perceptions of health website credibility during the process of acquiring health information using the World Wide Web. The relationships between perceptions of website credibility and both message characteristics (e.g., statistics, testimonials) and structural features of health websites (e.g., privacy policy statement, third-party endorsements) were assessed. Additionally, one’s Web-use orientation (i.e., searching or surfing) was evaluated as a moderator of the preceding relationships. The results showed a positive relationship between the presence of structural features and perceptions of website credibility as well as a positive relationship between the presence of message characteristics and attitudes about the health topic. Although Web-use orientation moderated the relationship between message characteristics and perceptions of website credibility, the nature of this relationship was inconsistent with study predictions.

Do Companies' Online Privacy Policy Disclosures Match Customer Needs?

Along with companies' increased interest in the use of personal information and the growing concerns of customers, privacy emerges as a critical issue in an e-commerce environment. Although several researchers have examined companies' privacy practices using posted privacy policy disclosures, few studies have investigated companies' privacy policies against Fair Information Practices (FIP). This study investigates companies' privacy policy statements and important privacy policies that individuals want to know against FIP. We examine the privacy policy statements of 136 companies from U.S. and Canada and relate them to the results of a Web-based user survey of 210 respondents. Our findings reveal a difference in companies' privacy policies between U.S. and Canada. The Security Safeguards and Use Limitation principles were the two most important companies' privacy policies that individuals want to know. The Security Safeguards and Purpose Specification principles were the two most frequently addressed OECD principles in more information-sensitive industries while the Purpose Specification and Openness principles were the two most frequently addressed principles in less information-sensitive industries. Thus, there is a gap between what privacy policies individuals value and what companies in less information-sensitive industries disclose in their privacy policy statements. However, companies in more information-sensitive industries frequently disclose an important privacy policy (i.e., Security Safeguards) that individuals want to know.

Consumer trust: privacy policies and third‐party seals

PurposeThis study aims to compare the effectiveness of third‐party seals with self‐reported privacy policy statements with regard to the willingness of potential e‐commerce customers to provide web sites with various types of personal information.Design/methodology/approachA survey was administered to 374 graduate business students at two Midwestern universities in the USA.FindingsThe results indicated that third‐party seals were not as effective as self‐reported privacy statements with a strong guarantee of security.Research limitations/implicationsThis study did not provide any evidence to support the necessity for small enterprises to incur the added costs in terms of money and time required to obtain a third‐party seal. Rather the results suggest small enterprises may increase consumer trust more effectively through strong privacy policy statements.Originality/valueThis study provides useful information on the effectiveness of third‐party seals with self‐reported privacy policy statements with regard to the willingness of potential e‐commerce customers to provide web sites with various types of personal information.

Online Privacy in China: A Survey on Information Practices of Chinese Websites

This paper is a survey on the information practices of Chinese websites. Three groups of Chinese commercial websites were selected and their information practices were analysed and compared with the generally accepted principles of online information practices. Survey results indicated that Chinese websites collected a vast amount of personal data through various forms. The percentage of websites posting privacy disclosures was comparatively small. For those sites with privacy policy or discrete privacy statement, their information practices did not accord with generally accepted principles of information practices. The paper presents recommendations for China to deal with such a legal issue that makes national borders meaningless.

ARE PRIVACY POLICIES MORE CLEAR AND CONSPICUOUS IN 2006 THAN 2001? A LONGITUDINAL STUDY OF THE FORTUNE 100

Concern over the effectiveness of privacy policy statements has been the focus of numerous studies. Most studies have concluded that plenty of room exists for improving policy statements, both in terms of their readability as well as their adherence to fair information principles. However, few studies have examined the effectiveness of policy notices beyond a single point in time to determine whether or not organizations have made improvements. The current study compares the effectiveness of Fortune 100 policy notices in terms of clearness and conspicuousness for 2001 and 2006.

Your privacy is assured - of being disturbed: websites with and without privacy seals

Privacy seals were developed to address concerns about online privacy. However, seals are widely misinterpreted by consumers as privacy protection. This research assessed how well privacy policies matched the standards promised by the seal authorities and compared the privacy protection practices of participating and non-participating sites. Privacy policy statements were interpreted as a form of persuasive communication that attempts to minimize the risks of providing personal information while emphasizing the benefits of personal disclosure. There were few differences in the privacy practices between seal authorities: TRUSTe and BBBOnLine participants offered about the same degree of privacy protection assurances and they were equal with regard to the amount or depth of personal information they requested. Notably, unsealed sites offered nearly equal privacy assurances and made fewer personal information requests than the sealed sites. However, seal program participants did provide superior access to information and assurances of data security.

Privacy Policy Statements and Consumer Willingness to Provide Personal Information

Consumers’ concerns about information privacy are a primary obstacle to the success of e-commerce. The adoption of privacy policy statements is a direct response to this concern. This exploratory study examined the willingness of graduate students (who, by virtue of age, education, and income, are representative of typical Internet consumers) to provide various types of personal information given varying degrees of protection offered by privacy policy statements. The results demonstrated that the willingness to provide information to Web merchants increased as the level of privacy guaranteed by the statements increased. More importantly, the level of privacy promised by the statements interacted with respondents’ prior familiarity with policy statements in terms of their willingness to provide personal information. The results also demonstrated that while most individuals were aware of privacy policy statements, less than half of the respondents had ever read a privacy statement.

Would Regulation of Web Site Privacy Policy Statements Increase Consumer Trust?

An international association advancing the multidisciplinary study of informing systems. Founded in 1998, the Informing Science Institute (ISI) is a global community of academics shaping the future of informing science.

The Rhetoric of Misdirection in Corporate Privacy-Policy Statements

U.S. businesses wish to continue to profit by collecting personal information from their website visitors, yet they fear that the practice both alienates visitors and exposes them both to legal problems from U.S. authorities and business sanctions from data-privacy authorities in Europe and Canada. This dilemma is reflected in the typical corporate privacy-policy statement, which is full of misleading and deceptive rhetoric intended to cover up the gap between the company's privacy policy and the image it wishes to project.